SECURING YOUR UNIX SYSTEMS

  • White Papers
  • Tools
    • John the Ripper
      John the Ripper is a password cracker, currently available for UNIX, DOS, Win32. Its primary purpose is to detect weak UNIX passwords.
    • L0phtCrack
      Password Auditing and Recovery Application
    • exec.c
      exec.c 1.0.4 is a kernel module which logs all the commands executed on the system. Extremely powerful stealth logging made easy! Changes: This release fixes a memory allocation problem. Please update to the current version if you use the module. This module should work on 2.2.* kernels. By Pat Szuta
    • Virtual FTPD
      Virtual FTPD v6.4 is a secure FTP daemon which is derived from the OpenBSD ftp daemon and can allows virtual FTP accounts which do not have an /etc/passwd entry. For more information, here.
    • Snoopy
      Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity. Changes: Integrity checking, a new method of logging, and faster logging.
    • FPF
      FPF is a lkm for Linux which changes the TCP/IP stack in order to emulate other OS's TCP fingerprint. The package contains the lkm and a parser for the nmap file that let you choose directly the os you want. For more information, here.
    • Imsafe
      Imsafe is a host-based intrusion detection tool for Linux which does anomaly detection at the process level and tries to detect various type of attacks. Since Imsafe doesn't know anything about specific attacks, it can detect unknown and unpublished attacks or any other form of malicious use of the monitored application. Created for Linux systems but works on almost every UNIX flavor by watching strace outputs. Screenshots available here. Warning: Still in alpha. For more information, here.
    • IPtrap
      IPtrap listens to several TCP ports to simulate fake services (X11, Netbios, DNS, etc) . When a remote client connects to one of these ports, his IP address gets immediately firewalled and an alert is logged. It runs with iptables and ipchains, but any external script can also be launched. IPv6 is supported. Changes: Logging the scanned port, and no more iptables/ipchains zombies. For more information, here.
    • LOMAC
      LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here. Changes: Added mediation of directory modification operations, improving protection. here.
    • Maxty
      Maxty is a small kernel-space tty sniffer. It is a LKM which will attach to read/write syscalls and save incoming/outgoing requests to opened tty devices into separate log files. It provides a way keeping a track what is happening on virtual consoles similar to a keystroke recorder.
  • Links
2009/08/27 11:31 2009/08/27 11:31

Trackback Address :: https://youngsam.net/trackback/860