Section: .. / linux / security /
| /// File Name: |
umbrella-0.6.tar.bz2 |
Description:
|
The Umbrella security mechanism implements a combination of process-based Mandatory Access Control (MAC) and authentication of files through Digital Signed Binaries (DSB) for Linux based consumer electronics devices ranging from mobile phones to settop boxes. Umbrella is implemented on top of the Linux Security Modules (LSM) framework. The MAC scheme is enforced by a set of restrictions on each process. This policy is distributed with a binary in form of execute restrictions (in the file signature) and within the program, where the developer has the opportunity of making a restricted fork.
| | Homepage: | http://umbrella.sourceforge.net/ | | Changes: | Complete integration with GNU Privacy Guard to authenticate binaries. Hash tables for storing restrictions is replaced by the new, fast and simple FSR data structure, that mimics the 'dentry' structs in the kernel. The Umbrella system call is eliminated and completely replaced by a /proc filesystem interface. The Umbrella code is now completely independent of all architectures and kernel subversions. | | File Size: | 166919 | | Last Modified: | Mar 22 01:12:59 2005 |
| MD5 Checksum: | 9cebc8b0fdf122d8b1079c29ec3a5d18 |
|
| /// File Name: |
rsbac-v1.2.4.tar.bz2 |
Description:
|
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
| | Homepage: | http://www.rsbac.org | | Changes: | Fully access controlled kernel level user and group management, transaction support for administration. | | File Size: | 498358 | | Last Modified: | Feb 28 01:12:23 2005 |
| MD5 Checksum: | f6227bed8d1328c39a78a6d09f2f7602 |
|
| /// File Name: |
zm-1.20.1.tar.gz |
Description:
|
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
| | Author: | Philip Coombes | | Homepage: | http://www.zoneminder.com | | Changes: | Mostly bug fixes, large and small with a couple of minor features included. | | File Size: | 690519 | | Last Modified: | Feb 6 00:42:38 2005 |
| MD5 Checksum: | e83e4e643785acc3ad91731e87452c4c |
|
| /// File Name: |
zm-1.20.0.tar.gz |
Description:
|
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
| | Author: | Philip Coombes | | Homepage: | http://www.zoneminder.com | | Changes: | Improved and added features, several minor bugfixes. | | File Size: | 679085 | | Last Modified: | Jan 22 15:39:17 2005 |
| MD5 Checksum: | f093eb37c84859f7d90be08b4ce3be96 |
|
| /// File Name: |
linux-2.4.29-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Adds a number of security fixes, including to the x86/SMP page fault handler and the uselib(2) race conditions, both discovered by Paul Starzetz. | | File Size: | 31342 | | Related CVE(s): | CAN-2004-1235, CAN-2005-0001 | | Last Modified: | Jan 22 15:29:26 2005 |
| MD5 Checksum: | b300f3d45f699f2cdc7bfee417dd4e26 |
|
| /// File Name: |
pam_usb-0.3.2.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | Will try to autodetect /dev/sdN devices (not just /dev/sdNX). Fixed a bug that happened when the application using PAM did not set PAM_TTY correctly. Added the use_first_pass and try_first_pass options. Now if you enter your password on another PAM module (such as pam_mount or pam_ssh), pam_usb will use that password to decrypt the private key. | | File Size: | 26659 | | Last Modified: | Jan 16 01:37:06 2005 |
| MD5 Checksum: | e3e011e54b992a3c0330f825609fb07d |
|
| /// File Name: |
listener-0.8.tgz |
Description:
|
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
| | Author: | Folkert van Heusden | | Homepage: | http://www.vanheusden.com/listener/ | | Changes: | Added external filter support. | | File Size: | 15272 | | Last Modified: | Dec 31 17:34:14 2004 |
| MD5 Checksum: | bb99dc9d440bd6a1c08f3470f5163bda |
|
| /// File Name: |
motiontrack-0.1.3.tar.gz |
Description:
|
Motiontrack is a set of tools that detects motion between two images. It is able to successfully distinguish random flicker from real object movement by applying a set of filters to the images, and can optionally ignore given colors and/or image regions. The roadmap provides for being able to identify objects by pattern detection and AI routines. Currently, this tool is able to turn line-art images into ASCII-art text as a demo feature.
| | Author: | Corvus V Corax | | Homepage: | http://motiontrack.sourceforge.net/ | | Changes: | Added SMP support. | | File Size: | 136592 | | Last Modified: | Dec 11 15:27:26 2004 |
| MD5 Checksum: | d5ac6bd18bdf4dae8c552d0b2707395e |
|
| /// File Name: |
listener-0.6.tgz |
Description:
|
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
| | Author: | Folkert van Heusden | | Homepage: | http://www.vanheusden.com/listener/ | | Changes: | One can now configure several parameters via the commandline. | | File Size: | 8402 | | Last Modified: | Dec 11 15:25:14 2004 |
| MD5 Checksum: | 6c71df6f7b32eeec9a4db487179e539d |
|
| /// File Name: |
umbrella-0.5.1.tar.bz2 |
Description:
|
The Umbrella security mechanism implements a combination of process-based Mandatory Access Control (MAC) and authentication of files through Digital Signed Binaries (DSB) for Linux based consumer electronics devices ranging from mobile phones to settop boxes. Umbrella is implemented on top of the Linux Security Modules (LSM) framework. The MAC scheme is enforced by a set of restrictions on each process. This policy is distributed with a binary in form of execute restrictions (in the file signature) and within the program, where the developer has the opportunity of making a restricted fork.
| | Homepage: | http://umbrella.sourceforge.net/ | | Changes: | Fixed a memory allocation bug. | | File Size: | 28397 | | Last Modified: | Dec 11 15:21:11 2004 |
| MD5 Checksum: | 23c9015571cf975a65338feed9e3ba8b |
|
| /// File Name: |
psad-1.4.0.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
| | Homepage: | http://www.cipherdyne.org | | Changes: | p0f-style passive OS fingerprinting has been added through the use of the OPT field in iptables log messages. There is a bugfix for iptables log messages that include TCP sequence numbers, in addition to other bug fixes. | | File Size: | 614173 | | Last Modified: | Nov 28 14:40:13 2004 |
| MD5 Checksum: | f932bc9063810a8798fbc4c9730be9a4 |
|
| /// File Name: |
linux-2.4.28-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | 2.4.28-ow1 fixes a number of security-related bugs, including the local root ELF loader vulnerabilities discovered by Paul Starzetz, a race condition with reads from Unix domain sockets (potential local root), and smbfs support vulnerabilities discovered by Stefan Esser (remote DoS by a malicious smbfs server; potential: remote root by a malicious smbfs server). | | File Size: | 34715 | | Last Modified: | Nov 24 00:04:10 2004 |
| MD5 Checksum: | a17719c83b71c328ef92b53761f3819a |
|
| /// File Name: |
lsat-0.9.2.tgz |
Description:
|
The Linux Security Auditing Tool (LSAT) is a post install security auditor for Linux/Unix. It checks many system configurations and local network settings on the system for common security/config errors and for packages that are not needed. It (for now) works under Linux (x86: Gentoo, RedHat, Debian, Mandrake; Sparc: SunOS (2.x), Redhat sparc, Mandrake Sparc; Apple OS X).
| | Homepage: | http://usat.sourceforge.net | | File Size: | 71565 | | Last Modified: | Nov 4 01:40:28 2004 |
| MD5 Checksum: | 0435a69e54e0f18b1a425bfc2c3abb17 |
|
| /// File Name: |
mvc-0.8.9.tar.gz |
Description:
|
MVC is a text mode v4l video capture program that features motion detection. It is very small and easy to use, and could be used to monitor and record the people that enter your room.
| | Author: | Merlin | | Homepage: | http://www.turbolinux.com.cn/~merlin/mvc/ | | Changes: | Bug fix release. | | File Size: | 31881 | | Last Modified: | Nov 1 20:49:00 2004 |
| MD5 Checksum: | d1bb2b59f1ed45d261ee2a1683a1f42d |
|
| /// File Name: |
dazuko-2.0.4.tar.gz |
Description:
|
Dazuko is a kernel module which provides 3rd-party applications with an interface for file access control. Useful for on-demand virus scanning, as a file-access monitor/logger or external security implementations. It operates by intercepting file-access calls and passing the file information to a 3rd-party application. The 3rd-party application then has the opportunity to tell the kernel module to allow or deny the file-access. The 3rd-party application also receives information about the file, such as type of access, process ID, user ID, etc.
| | Author: | John Ogness | | Homepage: | http://www.dazuko.org | | Changes: | 2.0.4 has now been officially released. This version represents a major improvement over 2.0.3 for Linux 2.6 users. It also includes many new features for FreeBSD 4 and FreeBSD 5. | | File Size: | 100126 | | Last Modified: | Nov 1 14:54:26 2004 |
| MD5 Checksum: | e16da48766eaaf58550809fb0f6dbbef |
|
| /// File Name: |
motiontrack-0.1.2.tar.gz |
Description:
|
Motiontrack is a set of tools that detects motion between two images. It is able to successfully distinguish random flicker from real object movement by applying a set of filters to the images, and can optionally ignore given colors and/or image regions. The roadmap provides for being able to identify objects by pattern detection and AI routines. Currently, this tool is able to turn line-art images into ASCII-art text as a demo feature.
| | Author: | Corvus V Corax | | Homepage: | http://motiontrack.sourceforge.net/ | | Changes: | Speed and documentation improvements, executables have been renamed, the sectorcheck now outlines sectors with detected movement in its output image. | | File Size: | 129818 | | Last Modified: | Oct 27 00:51:01 2004 |
| MD5 Checksum: | f364521a0d693e5e165b79670b46b8a2 |
|
| /// File Name: |
psad-1.3.4.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
| | Homepage: | http://www.cipherdyne.org | | Changes: | Added bidirectional iptables auto-blocking support for all chains. Added init script for Fedora systems, fixed some bugs, and added some new command line options. | | File Size: | 602480 | | Last Modified: | Oct 26 01:57:37 2004 |
| MD5 Checksum: | e1675b904ce9ece9782288ad656b1dde |
|
| /// File Name: |
zm-1.19.5.tar.gz |
Description:
|
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
| | Author: | Philip Coombes | | Homepage: | http://www.zoneminder.com | | Changes: | Various updates and fixes. | | File Size: | 635045 | | Last Modified: | Sep 30 04:13:26 2004 |
| MD5 Checksum: | dc8502c92fa7b9802d1efbaf2198ff42 |
|
| /// File Name: |
s4g-0.8.1.tgz |
Description:
|
Sandbox for Grids (s4g) is a Linux user-mode sandbox. It offers a secure execution environment for suspicious applications. Written in C, it tries to solve some typical problems of quarantine applications: efficiency and security.
| | Author: | Tangui Morlier | | Homepage: | http://www.lri.fr/~tmorlier/S4G/ | | Changes: | Correction of specific distribution bugs: s4g should now compile fine on RedHat and Slackware. | | File Size: | 18297 | | Last Modified: | Sep 29 02:50:08 2004 |
| MD5 Checksum: | 9ef8e7704925ec4920c74f9615d5715f |
|
| /// File Name: |
psad-1.3.3.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
| | Homepage: | http://www.cipherdyne.org | | Changes: | Automatic danger level assignments were fixed. The ability to ignore both ranges and specific ports/protocols was added with a new variable, IGNORE_PORTS in psad.conf. Many bugs were fixed. | | File Size: | 477616 | | Last Modified: | Sep 21 03:37:09 2004 |
| MD5 Checksum: | c8154e4ba9cc907513e76131814bc32f |
|
| /// File Name: |
s4g-0.8.tgz |
Description:
|
Sandbox for Grids (s4g) is a Linux user-mode sandbox. It offers a secure execution environment for suspicious applications. Written in C, it tries to solve some typical problems of quarantine applications: efficiency and security.
| | Author: | Tangui Morlier | | Homepage: | http://www.lri.fr/~tmorlier/S4G/ | | File Size: | 17862 | | Last Modified: | Sep 17 02:14:55 2004 |
| MD5 Checksum: | fb0db7064e5ad0e97f2fcbfac5cfa103 |
|
| /// File Name: |
linux-2.4.27-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | New kernel, new patch. | | File Size: | 33467 | | Last Modified: | Aug 14 13:24:43 2004 |
| MD5 Checksum: | 6eb45801c030877e3123a964552ad840 |
|
| /// File Name: |
linux-2.4.26-ow3.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Corrects the access control check in the Linux kernel which previously wrongly allowed any local user to change the group ownership of arbitrary NFS-exported/imported files (CAN-2004-0497). Also adds a workaround for the file offset pointer races (CAN-2004-0415). | | File Size: | 36303 | | Related CVE(s): | CAN-2004-0497, CAN-2004-0415 | | Last Modified: | Aug 10 03:48:46 2004 |
| MD5 Checksum: | a28962d6839f5f2511f28978393407c1 |
|
| /// File Name: |
pam_usb-0.3.1.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | Various fixes. | | File Size: | 26626 | | Last Modified: | Aug 5 02:05:07 2004 |
| MD5 Checksum: | 4755ebf481d0732c5b5edbf3987a8dd4 |
|
| /// File Name: |
psad-1.3.2.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
| | Homepage: | http://www.cipherdyne.org | | Changes: | Bug fixes and other improvements. | | File Size: | 597119 | | Last Modified: | Jul 13 09:12:00 2004 |
| MD5 Checksum: | fee10436b38f0232d5f2556ee7809631 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
