Section: .. / linux / security /
| /// File Name: |
spfx2.c |
Description:
|
spfx2.c is a linux kernel module which stops many exploits by protecting the system from code running on the stack. Works by limiting the use of key system calls to library functions. Although spfx2 does not prevent buffer-overflow related crashes, it does make it very difficult to break security with with a buffer-overflow attack, preventing most root compromises.
| | Author: | Nijen Rode | | File Size: | 4754 | | Last Modified: | Apr 19 17:48:19 2001 |
| MD5 Checksum: | 4672dab270ac42e0779ae8e7752cdbcb |
|
| /// File Name: |
stackshield0.7.tar.gz |
Description:
|
Stack Shield - A "stack smashing" technique protection tool for Linux. The "stack smashing" technique is the most common way used in exploits to break the security of programs. Stack Shield is a tool for adding protection to programs from this kind of attacks at compile time whitout changing a line of code. Stack Shield uses a more secure protection system than other tool like Immunix Stack Guard. Stack Shield is designed to support the GCC under a Linux Intel 386 class platform.
| | Author: | Vendicator | | Homepage: | http://www.angelfire.com/sk/stackshield/ | | File Size: | 17317 | | Last Modified: | Jan 7 17:42:41 2000 |
| MD5 Checksum: | a9bfc8664dce6ffe175fc19a74b38139 |
|
| /// File Name: |
stealth-2.2.17.diff |
Description:
|
Stealth IP Stack is a kernel patch for Linux 2.2.17 which makes your machine almost invisable on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on udp (Prevents UDP portscans), restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on ande off on the fly.
| | Author: | Robert Salizar | | Homepage: | http://www.energymech.net/madcamel/fm | | File Size: | 7725 | | Last Modified: | Sep 18 16:14:40 2000 |
| MD5 Checksum: | 0372ec661f9d9bcf82f9185203c75632 |
|
| /// File Name: |
stealth-2.2.18.diff |
Description:
|
Stealth IP Stack is a kernel patch for Linux 2.2.18 which makes your machine almost invisible on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on udp (Prevents UDP portscans), restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on and off on the fly.
| | Author: | Robert Salizar | | Homepage: | http://www.energymech.net/madcamel/fm | | Changes: | Ported to Linux 2.2.18. | | File Size: | 7043 | | Last Modified: | Dec 13 00:02:12 2000 |
| MD5 Checksum: | 50a37ed3eb2e15a3dcdd2d76310cada7 |
|
| /// Directory: |
/ stjude / |
Description:
|
Unavailable.
| | Total Files: | 15 | | Last Modified: | Sep 5 22:26:24 2007 |
|
| /// File Name: |
StMichael_LKM-0.01.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is a experimental version, and a spin off from the Saint Jude Project.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | File Size: | 3656 | | Last Modified: | May 8 18:47:08 2001 |
| MD5 Checksum: | caa99d3b4772a1cc15352b72f6680686 |
|
| /// File Name: |
StMichael_LKM-0.02.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is a experimental version, and a spin off from the Saint Jude Project.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Fixed an inverted match which could cause kernel to hang on attempt to unload StMichael. | | File Size: | 3769 | | Last Modified: | May 9 20:35:42 2001 |
| MD5 Checksum: | 531d16989e7b893bef78cffdbf033f81 |
|
| /// File Name: |
StMichael_LKM-0.03.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is a experimental version, and a spin off from the Saint Jude Project.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Added md5 checksums to the contents of system calls, added cloaking to hide the presence of StMichael, and its symbols. Since StMichael cause the rootkits to not work as expected, we do not want to give away any useful debugging information. | | File Size: | 9494 | | Last Modified: | Jun 5 18:53:13 2001 |
| MD5 Checksum: | 5b4c791c22c5fa58c904835a96f0389e |
|
| /// File Name: |
StMichael_LKM-0.04.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is a experimental version, and a spin off from the Saint Jude Project.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Added the SHA1 checksum to complement the md5's, added timers to periodically revalidate the kernel, added a configuration script, and added some demos which will trigger StMichael. | | File Size: | 18715 | | Last Modified: | Jul 11 05:01:54 2001 |
| MD5 Checksum: | 617e56ab882299f50e8b27bf0fd267f4 |
|
| /// File Name: |
StMichael_LKM-0.05.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Added Checks to Detect modules hiding their presence, Added Read-Only /dev/kmem, and Added VFS checking. | | File Size: | 23606 | | Last Modified: | Jul 12 04:16:03 2001 |
| MD5 Checksum: | fda543690273352eaa367dd9d0fbdb92 |
|
| /// File Name: |
StMichael_LKM-0.06.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Began code and signature obfuscation work to conceal commonly found strings, Introduced permanent immutability to files on ext2 fs, and other misc code beautification. | | File Size: | 27115 | | Last Modified: | Oct 24 23:57:23 2001 |
| MD5 Checksum: | 9f0d2f9612b1daa97a68c9678fde0348 |
|
| /// File Name: |
StMichael_LKM-0.07.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Fixed a serious bug that could cause a kernel Oops if StMichael was not the first module loaded into the system. | | File Size: | 25698 | | Last Modified: | Oct 30 03:19:16 2001 |
| MD5 Checksum: | e5cb4205fd25c95563a84be8b4fa8cf6 |
|
| /// File Name: |
StMichael_LKM-0.08.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Addition of ability to restore a system attacked using kernel modification techniques such as a Silvio Stealth syscall by reloading the kernel without a reboot. Addition of Checks to detect the possible subversion of the kernel at loadtime. Now does Full Kernel Text Validation. | | File Size: | 30545 | | Last Modified: | Jan 22 00:37:53 2002 |
| MD5 Checksum: | 56b40532ec8f1f3089de8ec4fe7f5f4f |
|
| /// File Name: |
StMichael_LKM-0.10.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Really Immutable filesystem support for ext3 fs added, Added in Kernel Licensing Code to Identify the Kernel License for newer kernels, Backup kernel is now obscured from string searches using the weak crypt function, Added needed modifications to support the newer Alan Cox Kernels, with the different VM system, fixed lots of compilation issues, and better docs. | | File Size: | 31492 | | Last Modified: | Mar 30 14:03:13 2002 |
| MD5 Checksum: | 16b42d7707d5dfa25214d8cd3768e7fa |
|
| /// File Name: |
StMichael_LKM-0.11.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Addition of Self Integrity Checks to Detect Attacks Against StMichael itself. Added of configuration options to hard-code memory offsets into the source instead of discovery during load time, permitting loading of Stmichael from an initrd, before init spawns and the filesystems are mounted. | | File Size: | 36028 | | Last Modified: | Aug 7 01:47:01 2002 |
| MD5 Checksum: | 77d653c5a129e32c59d85ef1451358d5 |
|
| /// File Name: |
StMichael_LKM-0.11.tar.gz.sig |
Description:
|
StMichael LKM 0.11 GPG signature. Gpg key is available from the public keyservers or from my webpage here.
| | File Size: | 65 | | Last Modified: | Aug 7 01:49:10 2002 |
| MD5 Checksum: | 5d92414f11a72add56ef18810e738c70 |
|
| /// File Name: |
StMichael_LKM-0.12.tar.gz |
Description:
|
StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also support MBR checksums. | | File Size: | 40651 | | Last Modified: | Oct 27 01:32:17 2005 |
| MD5 Checksum: | f313063dc584e55fdafe538507128366 |
|
| /// File Name: |
StMichael_LKM-0.13-k2.6.tar.gz |
Description:
|
StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Special 2.6 release for Defcon. Intended for developers who want to help improve the project but no longer care to work on the 2.4 kernel related release. | | File Size: | 198786 | | Last Modified: | Aug 17 05:03:30 2006 |
| MD5 Checksum: | 44ecd426b3f7a5cb9de7cda5bb696bce |
|
| /// File Name: |
StMichael_LKM-0.13.tar.gz |
Description:
|
StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Last release under the 2.4 kernel series. Only bug fixes will be made after this point. | | File Size: | 40668 | | Last Modified: | Aug 17 05:02:31 2006 |
| MD5 Checksum: | b6a8b2beb27ce81cd202593b35c71df7 |
|
| /// File Name: |
SuSEcompartment-0.5.tar.gz |
Description:
|
SuSE Compartment is a program to build secure compartments for running untrsted/insecure programs, and has got the usual uid/gid setting and chrooting abilitity, but the nice thing is the easy access to linux per process capabilities.
| | Author: | Marc | | Homepage: | http://www.suse.de/~marc | | File Size: | 11745 | | Last Modified: | Jan 4 03:49:07 2000 |
| MD5 Checksum: | 36dba996d9a965fbdfaa8da84ed672fb |
|
| /// File Name: |
syscalltrack-0.60.tar.gz |
Description:
|
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | File Size: | 97246 | | Last Modified: | Sep 18 22:33:47 2001 |
| MD5 Checksum: | 8b677826ff04e2ccaf306387f3bcee6c |
|
| /// File Name: |
syscalltrack-0.64.tar.gz |
Description:
|
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | Better support for filter expressions, better error messages, Unary operators ('~', '!') are now working. Fixed some crash bugs and memory leaks. | | File Size: | 168734 | | Last Modified: | Dec 8 23:18:51 2001 |
| MD5 Checksum: | d79f3e7472347cd637a544d6fb80a6ec |
|
| /// File Name: |
syscalltrack-0.66.6.tar.gz |
Description:
|
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | New process parameters PPID and PCOMM, a fix for a bug where filter expressions with '!' or '~' weren't parsed correctly, and a fix for a bug where if the filter expression first token was a '(' it looped endlessly because it never advanced to the next token. | | File Size: | 191492 | | Last Modified: | Jan 7 21:23:07 2002 |
| MD5 Checksum: | 08da34eda3066559dde39f6ae9b58027 |
|
| /// File Name: |
syscalltrack-0.70.tar.gz |
Description:
|
Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus a userspace applications. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | Supports a type-cast for 'struct' syscall parameters (useful for socket calls), 'fail syscall' actions, convenience-macros in rule config files, experimental device-driver control support, 'log_format' definition per rule, and some new syscalls (waitpid, close, creat). Major bugfixes include fixes for white-space parsing, a small memory leak when deserializing 'log' actions, and a bug in the kernel module that could leave dangling function pointers. | | File Size: | 225097 | | Last Modified: | Feb 26 22:56:09 2002 |
| MD5 Checksum: | c1af0ff5ce13f54b26696efca2642ecb |
|
| /// File Name: |
syscalltrack-0.71.tar.gz |
Description:
|
Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus a userspace applications. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | Support was added for constants when specifying matching rules, for example, O_RDONLY, O_EXCL, and friends for open(2). Support was added for octal/hex numbers in filter expressions. Assorted internal cleanups, code refactoring, bugfixes, and memory leak plugs were done. | | File Size: | 248656 | | Last Modified: | Jun 3 00:26:20 2002 |
| MD5 Checksum: | 5541a2534f5976c0cf6b8469b82fa032 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
