Release Notes: This release improves compatibility with Linux distributions.
Release Notes: This version is intended for and has been tested on the Solaris 8/SPARC platform. 64-bit and 32-bit installations are supported.
Release Notes: Rolled back the Kernel Integrity software from Saint Michael. This introduces kernel integrity checking, and module support on systems that require module support. Added read-only /dev/kmem support. This does not affect the ability to load or unload modules. Eliminated the double-execve problem. A new configuration script simplifies platform identification and the selection of compile-time options. Spelling corrections have been made in numerous files and comments.
Release Notes: Checks were updated, and compatibility with 2.4.3 was verified. A potential endless recursion that could occur under crafted conditions was identified and solved. A bug was fixed in which a failed execution by a privileged process was not detected, which could cause that process's set of allowed programs to decrease. There was no risk of gaining privilege, because privileges only flow downward; however, intended execution paths could be cut off as a result of a failed execve.
Release Notes: An improper IFDEF test in StJude_lkm.h that prevented compiles on the 2.4.0 kernel has been fixed. StJude_Learning_Parser.pl would in some instances produce output that could not be compiled. Non-SMP compiles under an SMP kernel have been fixed. If a process exec'd without forking, and it was an override rule, then the first execution wouldn't be recorded through learning. This has been fixed.
Release Notes: Increased usability and reduced instability, compatibility with version 2.4.x (lockups and oopses with prior versions were resolved), updated instructions in the README, and a learning parser to facilitate the generation of the Rulebase from the Learning Mode output (combined with the Override directive, remote root attacks may be thwarted).
Release Notes: This release addresses some problems on newer Linux distributions, including the include file <sys/mman.h> being changed to <linux/mman.h>, and the Makefile now explicitly defines where the Linux include files are.
Release Notes: A fix for a problem with 0.05 that would cause compiles to fail.
Release Notes: The patches to 0.04 have been incorporated into the new version. An additional response method, namely execution redirection, has been added. This permits the redirection of an attack to a predefined binary for additional forensic data collection, and (potentially) situation evaluation.
Release Notes: This release includes a fix for setuid non-root programs not resulting in un-privileging of the process in the state database if the program execve()'d another suid root process before forking. The moved execve call has also been trapdoored, making it difficult to guess.