44 projects tagged "Linux"
Updated 29 Jan 2001
Astaro Portscan Detection
| Pop | 113.37 |
|---|---|
| Vit | 67.06 |
Astaro Portscan Detection is a netfilter target which will attempt to detect TCP and UDP port scans and log them to syslog. This target is based upon Solar Designer's scanlogd. It suppports mutliple levels of logging, custom prefixes for entries, weighted total port scan detection, and port scan temporal spread detection.
Updated 10 Mar 2002
Extended Attributes and ACLs for Linux
| Pop | 132.33 |
|---|---|
| Vit | 3.49 |
Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many other scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or the other. This is an effort to implement POSIX-like Access Control Lists for Linux. Access Control Lists are built on top of Extended Attributes, which can also be used to associate other pieces of information with files such as Filesystem Capabilities, or user data like mime type and search keywords.
Updated 26 Jun 2002
fwup
| Pop | 68.28 |
|---|---|
| Vit | 2.62 |
Firewall is a set of scripts (firewall, fwup, and fwdown) that implement an ipchains firewall and various forms of network address and port translation. All you have to do is read the policy file and edit it to reflect your topology and filtering policy. It supports many different types of network topology (single host, traditional forwarding, masquerading, port forwarding, alias port forwarding and NAT), up to 10 untrusted interfaces each with their own policy, and over 50 network applications. It also supports centralised administration of multiple remote firewalls (meta-firewall).
Updated 27 Nov 2010
KBDlock
| Pop | 28.62 |
|---|---|
| Vit | 2.00 |
KBDlock is a patch that allows you to implement keyboard locking under Linux.
Updated 13 Dec 2007
Linux Intrusion Detection System
| Pop | 270.11 |
|---|---|
| Vit | 5.48 |
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
Updated 05 Jan 2002
Linux VPN Masquerade
| Pop | 76.55 |
|---|---|
| Vit | 2.74 |
Linux VPN Masquerade allows you to use an IPSec or PPTP VPN host (client or server) behind a Linux masquerading firewall. No more hogging the cable modem when you need to connect to the office network.
Updated 22 Feb 2002
LOMAC
| Pop | 47.11 |
|---|---|
| Vit | 3.86 |
LOMAC uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, trojan horses, malicious remote users, and compromised network server daemons. The LOMAC loadable kernel module can be used to harden Linux systems without any changes to existing kernels, applications, or configuration files. Due to its simplicity, LOMAC itself requires no configuration, regardless of the users and applications present on the system. Although some features and fixes remain to be implemented, LOMAC presently provides sufficient protection to thwart some attacks, and is stable enough for everyday use.
Updated 16 Apr 2002
Medusa DS9
| Pop | 55.27 |
|---|---|
| Vit | 3.28 |
Medusa DS9 is used to increase Linux's security. It consists of two major parts, Linux kernel changes and the user-space daemon. Kernel changes do the monitoring of syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel using the character device to send and receive packets. It contains the whole logic and implements the concrete security policy. That means that Medusa can implement any model of data protection; it depends only on configuration file, which is in fact a program in the internal programming language, somewhat similiar to C.
Updated 09 Mar 2005
NSA Security-enhanced Linux
| Pop | 287.44 |
|---|---|
| Vit | 6.61 |
NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control architecture into the major subsystems of the kernel. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals.
Updated 18 Feb 2010
Openwall Linux kernel patch
| Pop | 254.22 |
|---|---|
| Vit | 16.03 |
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
