RSS 44 projects tagged "Linux"

No download Website Updated 29 Jan 2001 Astaro Portscan Detection

Screenshot
Pop 107.68
Vit 69.47

Astaro Portscan Detection is a netfilter target which will attempt to detect TCP and UDP port scans and log them to syslog. This target is based upon Solar Designer's scanlogd. It suppports mutliple levels of logging, custom prefixes for entries, weighted total port scan detection, and port scan temporal spread detection.

Download No website Updated 12 Jul 2004 Gircap

Screenshot
Pop 26.53
Vit 59.72

Gircap is a set of tools to help you use the widely unknown "capabilities" that Linux has in place of conventional Unix superuser privilege. That means you can give programs and processes only as much privilege as they need and greatly limit your security exposure due to system bugs. A Linux kernel patch fixes some basically broken aspects of capabilities. setcap and getcap let you set and show capabilities of a running process. capexec runs a program with certain capabilities, UID, GID, and supplemental GIDs. It can be used to have init start a daemon with only a subset of init's privileges. binfmt_capx is an executable interpreter in the form of a loadable kernel module. It lets you do a setuid kind of thing for files, only with fine grained capabilities. This is a cheap substitute for real "file capabilities."

Download Website Updated 15 Jul 2007 UidSEC

Screenshot
Pop 15.81
Vit 49.69

UidSEC is an LSM (Linux Security Module) that extends the standard UN*X "resource protection" model by adding some features useful for untrusted multiuser systems. It can deny usage of dmesg to unprivileged users, hide processes of "other users" to unprivileged users, deny access to /sys and /config to unprivileged users, and protect usage of the bind() syscall using UidBIND.

No download Website Updated 03 Nov 2008 sniffy

Screenshot
Pop 26.23
Vit 44.62

The sniffy project can trace/log the data of any pseudo terminal in the system. Due to the way the terminal works, such a terminal trace provides complete information of what happened on the terminal screen, and sniffy is able to display/replay this information. It consists of a kernel module able to connect/hook on the pseudo terminal, a program to display the contents of any pseudo terminal on the fly, a daemon process tracing the pseudo terminal content into the file, and a replay program to replay any stored pseudo terminal session.

Download No website Updated 16 Feb 2014 ipt_pkd

Screenshot
Pop 428.80
Vit 25.06

ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Download Website Updated 18 Feb 2010 Openwall Linux kernel patch

Screenshot
Pop 236.35
Vit 14.60

The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.

No download Website Updated 13 Dec 2007 grsecurity

Screenshot
Pop 323.39
Vit 11.71

grsecurity is a complete security system for Linux 2.4 and 2.6 that implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.

Download Website Updated 01 Mar 2013 Tin Hat

Screenshot
Pop 114.16
Vit 10.06

Tin Hat is a Linux distribution derived from hardened Gentoo. It aims to provide a very secure, stable, and fast desktop environment that lives purely in RAM. Tin Hat boots from CD, or optionally USB pen drive, but it is not a LiveCD in that it does not mount any file system from the boot device. Rather, Tin Hat employs a massive squashfs image which expands into tmpfs upon booting. This makes for long boot times, but remarkable speeds during human-computer interaction.

Download Website Updated 02 Apr 2007 Linux-VServer

Screenshot
Pop 244.38
Vit 8.55

Linux-VServer allows you to create virtual private servers and security contexts which operate like a normal Linux server, but allow many independent servers to be run simultaneously in one box at full speed. All services, such as ssh, mail, Web, and databases, can be started on such a VPS, without modification, just like on any real server. Each virtual server has its own user account database and root password and doesn't interfere with other virtual servers.

No download Website Updated 23 Dec 2011 grml

Screenshot
Pop 109.57
Vit 7.20

Grml is a live system (live CD) based on Debian. It includes a collection of GNU/Linux software especially for system administrators and users of texttools. It provides automatic hardware detection and its default shell is the zsh. You can use it e.g. as a rescue system, for analyzing systems/networks, or as a working environment. It is not necessary to install anything to a hard disk; you don't even need a hard disk to run it. Due to on-the-fly decompression, it includes more than 2 GB of software and documentation on the CD.

Screenshot

Project Spotlight

mkgmap

A program to create maps for Garmin devices from OpenStreetMap data.

Screenshot

Project Spotlight

ddpt

A dd command variant for disks with large I/O support.