Section: .. / linux / security /
| /// File Name: |
zm-0.9.16.tar.gz |
Description:
|
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
| | Author: | Philip Coombes | | Homepage: | http://www.zoneminder.com | | File Size: | 349982 | | Last Modified: | Dec 18 00:20:01 2003 |
| MD5 Checksum: | 63616a18a657766bea4b3a8eaf262f56 |
|
| /// File Name: |
viagra.pl |
Description:
|
Viagra.pl is a Linux hardening script which implements the /proc suggestions in the article available at http://www.securityfocus.com/infocus/1711. It disables ICMP ping replies, broadcast replies, and source routed packets, enables packet spoofing protection, ignores ICMP redirects, disables packet forwarding, changes IP fragmentation buffers and allowed local sockets, rate limits ICMP replies, rejects new ARP entries, changes ARP timeouts, enables syncookies, and more.
| | Author: | Luke Macken | | File Size: | 11150 | | Last Modified: | Dec 15 01:07:09 2003 |
| MD5 Checksum: | 0cafdbb608cbd0c630175d54e4e1db13 |
|
| /// File Name: |
enforcer-0_3_ALPHA.tar.gz |
Description:
|
Enforcer is a Linux security module designed to help improve integrity by providing a subset of Tripwire-like functionality with an LKM. It runs continuously, and as each protected file is opened its SHA1 is calculated and compared to a previously stored value. The Enforcer can integrate with TCPA hardware to provide a secure boot when booted with a TCPA-enabled boot loader.
| | Homepage: | http://enforcer.sourceforge.net | | Changes: | This release only works with 2.6+ because updates were made to take advantage of Linux 2.6+ kernel features such as native kernel crypto and the new build system. Some bugs were squashed, and some features were added. A user-space helper was written to mount an encrypted loopback filesystem where the encryption key is the secret protected by the TPM. Some standalone programs that implement TCPA functions such as MakeIdentity, CertifyKey, etc. were written. | | File Size: | 249755 | | Last Modified: | Dec 14 17:53:56 2003 |
| MD5 Checksum: | bfb914e98cf37292ffa871337b3f58f2 |
|
| /// File Name: |
psad-1.3.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
| | Homepage: | http://www.cipherdyne.org | | Changes: | There is a buffer overflow bugfix in kmsgsd.c for the size of the buf[MAX_LINE_BUF] buffer in the read() call. 100 new signatures from Snort have been added. Source and destination network processing has been added to the signature matching code, and chain tracking has been added to all signatures. Firewall policy parsing routines have been re-worked. GPG signature available here. | | File Size: | 577192 | | Last Modified: | Dec 3 15:01:54 2003 |
| MD5 Checksum: | 814ebd8147ea46e668e8f64fdd92657d |
|
| /// File Name: |
kstat24_v1.1-2.tgz |
Description:
|
Kernel Security Therapy Anti-Trolls (KSTAT) is a very powerful security tool to detect many kinds of rogue kernel rootkits. It analyzes the kernel through /dev/kmem and detects modified syscalls as well as various other problems. This version runs on 2.4.x only, and can assist in finding and removing trojan LKMs. It supports network socket dumps, sys_call fingerprinting, stealth module scanning, and more.
| | Author: | FuSyS | | Homepage: | http://www.s0ftpj.org/en/site.html | | File Size: | 24472 | | Last Modified: | Nov 30 22:53:12 2003 |
| MD5 Checksum: | 96954a3d4b4dd623480b5ed05a7b7523 |
|
| /// File Name: |
linux-2.2.25-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Ported to kernel v2.2.25. | | File Size: | 27302 | | Last Modified: | Nov 30 22:49:27 2003 |
| MD5 Checksum: | 0ff48567fc27c329d28965e057c2c8a6 |
|
| /// File Name: |
dazuko-2.0.0-pre4.tar.gz |
Description:
|
Dazuko is a kernel module which provides 3rd-party applications with an interface for file access control. Useful for on-demand virus scanning, as a file-access monitor/logger or external security implementations. It operates by intercepting file-access calls and passing the file information to a 3rd-party application. The 3rd-party application then has the opportunity to tell the kernel module to allow or deny the file-access. The 3rd-party application also receives information about the file, such as type of access, process ID, user ID, etc.
| | Author: | John Ogness | | Homepage: | http://www.dazuko.org | | File Size: | 49364 | | Last Modified: | Nov 18 19:47:09 2003 |
| MD5 Checksum: | 5ff92758b9713d0d1756b9d1e15e5d4a |
|
| /// File Name: |
memfetch-0.5.tgz |
Description:
|
Memfetch dumps the memory of a program without disrupting its operation, either immediately or on the nearest fault condition (such as SIGSEGV). It can be used to examine suspicious or misbehaving processes on your system, verify that processes are what they claim to be, and examine faulty applications using your favorite data viewer so that you are not tied to the inferior data inspection capabilities in your debugger.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx | | Changes: | Introduces script for easier regex lookups in memory snapshots, and some other minor fixes. | | File Size: | 12435 | | Last Modified: | Oct 21 13:31:12 2003 |
| MD5 Checksum: | cda6080b905436c11ec996e19c4a5563 |
|
| /// File Name: |
elfcmp-1.0.0.tar.gz |
Description:
|
Elfcmp compares running processes to their respective binary images to ensure that the process image in memory has not been tampered with after execution. This is useful for security auditing, as other methods that rely strictly on checking disk image checksums are not reliable if only the process image is being tampered with.
| | Author: | Matt Miller | | Homepage: | http://www.hick.org/code.html | | File Size: | 4084 | | Last Modified: | Oct 21 13:24:01 2003 |
| MD5 Checksum: | ae293e91272d71698449a807ba109057 |
|
| /// File Name: |
lsat-0.8.7.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post-install security auditing tool. It is modular in design, so new features can be added quickly. It checks many insecure system configurations and local network settings on the system for common security/config errors and for unneeded packages. It has been tested on Linux (Gentoo, Red Hat, Debian, etc.) and Solaris (SunOS 2.x).
| | Homepage: | http://usat.sourceforge.net | | Changes: | Fixed problems in the Makefile and in the checkpasswd and checkmd5 modules. More checking was added to the checkwww and checkssh modules. Basic X checking was added in the checkx module. | | File Size: | 65563 | | Last Modified: | Oct 21 13:16:51 2003 |
| MD5 Checksum: | f58e90592926fdf35ab6987e31af5c66 |
|
| /// File Name: |
psad-1.2.4.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
| | Homepage: | http://www.cipherdyne.org | | Changes: | Now supports Gentoo Linux, adds a danger level to subject in email alerts, handles disk utilization directly, adds exclusion of loopback and local addresses from auto-blocking routines, and bug fixes. | | File Size: | 556482 | | Last Modified: | Oct 20 23:31:25 2003 |
| MD5 Checksum: | 28e4b32dab4ca168da622443b5d8036a |
|
| /// File Name: |
elfdoctor.c |
Description:
|
Scanner to look up infection techniques that can be used in ELF modules. Includes function hijacking, relocation files, etc. Runs on Linux 2.4.x.
| | Author: | Pluf | | File Size: | 6983 | | Last Modified: | Sep 6 17:59:26 2003 |
| MD5 Checksum: | db05d4c0327d757747a9d31ff7f6a0ac |
|
| /// File Name: |
psad-1.2.2.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
| | Homepage: | http://www.cipherdyne.org | | Changes: | This release is available as an RPM package. | | File Size: | 426744 | | Last Modified: | Aug 27 02:40:02 2003 |
| MD5 Checksum: | 382190e3e20e4299848d60a2244bc121 |
|
| /// File Name: |
lkl-0.1.0.tar.gz |
Description:
|
LKL is a userspace keylogger that runs under Linux x86/arch. LKL logs everything which passes through the hardware keyboard port (0x60). Keycode to ASCII translation is supported.
| | Author: | Carlo Comin | | Homepage: | http://www.spine-group.org/tool.htm | | Changes: | PS2 bug fixed, addition of US, French, and Dvorak keymaps. | | File Size: | 224804 | | Last Modified: | Aug 26 00:23:14 2003 |
| MD5 Checksum: | 249c2025295f1227f8cd660f7775d2f4 |
|
| /// File Name: |
kfencev1.2.c |
Description:
|
Kfence version 1.2 provides kernel protection against basic exploitation techniques, including stack and heap overflows and format string exploits, by patching /dev/kmem and redirecting system_call to test if the eip of the caller is in the wrong memory region.
| | Author: | ins1der | | Changes: | Added .bss exec protection, simplified shellcode, added a better struct extraction method, added support for all 2.2.x and 2.4.x kernels. | | File Size: | 7275 | | Last Modified: | Aug 25 23:27:17 2003 |
| MD5 Checksum: | 9aa3ccf1a93852710026277cd614db63 |
|
| /// File Name: |
Kfence.c |
Description:
|
Kfence provides kernel protection against basic exploitation techniques, including stack and heap overflows and format string exploits, by patching /dev/kmem and redirecting system_call to test if the eip of the caller is in the wrong memory region. Tested on Linux kernels 2.4.18-14 and 2.4.7-10.
| | Author: | ins1der | | File Size: | 6099 | | Last Modified: | Aug 10 18:21:17 2003 |
| MD5 Checksum: | c12aadfde8374d961c43c9fb2309870d |
|
| /// File Name: |
exitwound.tgz |
Description:
|
exitwound is a ptrace shared library redirection backdoor that is based on the technique described in Phrack 59-8. It attempts to redirect certain string handling routines commonly used in Internet services to trapdoored functions which yield a connect back shell on a specifically constructed passphrase. The benefits of this lie in the fact that no extra malicious processes or listening ports are needed, avoiding crude forms of forensic analysis.
| | Author: | salvia twist | | Homepage: | http://hack.batcave.net/ | | File Size: | 7219 | | Last Modified: | Aug 10 17:52:36 2003 |
| MD5 Checksum: | bd2c6717a90b9ab4bff89fab73ea1368 |
|
| /// File Name: |
SACscan.tar.gz |
Description:
|
SACscan is a basic portscanner much like Nmap.
| | Author: | Levent Kayan | | Homepage: | http://www.sac.cc | | File Size: | 1582 | | Last Modified: | Jul 25 15:43:17 2003 |
| MD5 Checksum: | a57aca5df7a776f1e660a86210a164de |
|
| /// File Name: |
Komahayown-0.2b.tgz |
Description:
|
Komahayown is a utility that makes use of the syscall proxying idea using shellcode. Instructions are in Spanish.
| | Author: | Matias Sedalo | | Homepage: | http://www.shellcode.com.ar | | File Size: | 70236 | | Last Modified: | May 28 03:34:12 2003 |
| MD5 Checksum: | 80276e945e930c244d18f1bce06d87fa |
|
| /// File Name: |
linuxrouting.txt |
Description:
|
The Linux networking code makes extensive use of hash tables to implement caches to support packet classification. One of these caches, the routing cache, can be used to mount effective denial of service attacks, using an algorithmic complexity attack.
| | Author: | Florian Weimer | | File Size: | 9431 | | Last Modified: | May 23 03:36:34 2003 |
| MD5 Checksum: | e6ff4115b0dde95e8f9bdd3a6c365337 |
|
| /// File Name: |
klgr.tgz |
Description:
|
klgr is a basic keylogger for Linux that loads as a module, but will hide from lsmod.
| | Author: | LynX | | Homepage: | http://rootteam.void.ru | | File Size: | 8597 | | Last Modified: | Apr 27 19:06:55 2003 |
| MD5 Checksum: | 0b56b0ecae612a6c4e8e8118112ff3c0 |
|
| /// File Name: |
lkl-0.0.4.tar.gz |
Description:
|
LKL is a userspace keylogger that runs under Linux x86/arch. LKL logs everything which passes through the hardware keyboard port (0x60). Keycode to ASCII translation is supported.
| | Author: | Carlo Comin | | Homepage: | http://www.spine-group.org/tool.htm | | Changes: | Email feature added, code clean-up, debugging added, and more comments in the source code. | | File Size: | 223896 | | Last Modified: | Apr 21 14:25:42 2003 |
| MD5 Checksum: | f29bad21431551f7fae8ca8052e07638 |
|
| /// File Name: |
lkl-0.0.2.tar.gz |
Description:
|
LKL is a userspace keylogger that runs under Linux x86/arch. LKL logs everything which passes through the hardware keyboard port (0x60). Keycode to ASCII translation is supported.
| | Author: | Carlo Comin | | Homepage: | http://www.spine-group.org/tool.htm | | File Size: | 222277 | | Last Modified: | Apr 18 04:11:50 2003 |
| MD5 Checksum: | 02dbbb6ab921bf88e431bbc154fdc01a |
|
| /// File Name: |
toby.c |
Description:
|
Toby.c is a Linux LKM which intercepts, logs, and stops the setuid, setreuid, and setresuid syscalls from users.
| | Author: | Sacrine | | Homepage: | http://netric.org | | File Size: | 3973 | | Last Modified: | Jan 9 04:03:17 2003 |
| MD5 Checksum: | abea47c5169b3e9846363fa5c0e0cde8 |
|
| /// File Name: |
memfetch.tgz |
Description:
|
Unavailable.
| | File Size: | 11907 | | Last Modified: | Dec 15 17:46:08 2002 |
| MD5 Checksum: | 54e7ecc38d63b2dc07b2e963d36181ac |
|