48 projects tagged "Security"
Updated 15 Dec 2003
/dev/random for HP-UX 11.00
| Pop | 43.85 |
|---|---|
| Vit | 1.43 |
/dev/random for HP-UX 11.00 provides a device driver that generates high-quality random numbers.
Updated 01 Sep 2005
Accessfs
| Pop | 49.84 |
|---|---|
| Vit | 1.95 |
Accessfs is a file system to manage permissions. It is not very useful on its own. You need to load other modules like "User permission based IP ports" or "User permission based capabilities". With these modules there's no need anymore for most Internet daemons to run as root.
Updated 29 Jan 2001
Astaro Portscan Detection
| Pop | 113.37 |
|---|---|
| Vit | 67.06 |
Astaro Portscan Detection is a netfilter target which will attempt to detect TCP and UDP port scans and log them to syslog. This target is based upon Solar Designer's scanlogd. It suppports mutliple levels of logging, custom prefixes for entries, weighted total port scan detection, and port scan temporal spread detection.
Updated 10 Oct 2004
Capability Override LSM
| Pop | 55.86 |
|---|---|
| Vit | 2.57 |
The Capability Override LSM is a Linux kernel module which, when installed, gives processes running with certain (admin-configured) user or group IDs access to one or more POSIX.1e capabilities.
Updated 07 Feb 2005
Cryproc
| Pop | 20.00 |
|---|---|
| Vit | 1.00 |
Cryproc is module for the Linux 2.6 kernel that allows user space programs to access the kernel's cryptographic functions. When loaded, the module creates a file called "cryproc" in the /proc filesystem. Applications can open this file read-write and instruct the kernel to perform some of the functions the CryptoAPI provides. A sample application, cryproc-tool, is provided.
Updated 19 Mar 2011
Dazuko
| Pop | 102.37 |
|---|---|
| Vit | 6.20 |
The Dazuko project provides a virtual device driver allowing (userland) applications to execute online file access control. It was originally developed by Avira GmbH (formerly known as H+BEDV Datentechnik GmbH) to allow on-access virus scanning. Other uses include a file-access monitor/logger or external security tools. Dazuko operates by intercepting file access calls and passing the file information to a userland application. The application then has the opportunity to tell the virtual device driver to allow or deny the file access. The application also receives information about the file access event, such as accessed file name, type of access, process id, and user id.
Updated 09 Apr 2004
Enforcer
| Pop | 50.40 |
|---|---|
| Vit | 1.79 |
Enforcer is a Linux security module designed to help improve integrity of a computer running Linux. The Enforcer provides a subset of Tripwire-like functionality. It runs continuously and as each protected file is opened its SHA1 is calculated and compared to a previously stored value. The Enforcer is designed to integrate with TCPA hardware to provide a secure boot when booted with a TCPA enabled boot loader. TCPA hardware can protect secrets and other sensitive data (for example, the secrets for an encrypted loopback file system) and bind those secrets to specific software.
Updated 10 Mar 2002
Extended Attributes and ACLs for Linux
| Pop | 132.33 |
|---|---|
| Vit | 3.49 |
Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many other scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or the other. This is an effort to implement POSIX-like Access Control Lists for Linux. Access Control Lists are built on top of Extended Attributes, which can also be used to associate other pieces of information with files such as Filesystem Capabilities, or user data like mime type and search keywords.
Updated 12 Jul 2004
Gircap
| Pop | 27.86 |
|---|---|
| Vit | 56.89 |
Gircap is a set of tools to help you use the widely unknown "capabilities" that Linux has in place of conventional Unix superuser privilege. That means you can give programs and processes only as much privilege as they need and greatly limit your security exposure due to system bugs. A Linux kernel patch fixes some basically broken aspects of capabilities. setcap and getcap let you set and show capabilities of a running process. capexec runs a program with certain capabilities, UID, GID, and supplemental GIDs. It can be used to have init start a daemon with only a subset of init's privileges. binfmt_capx is an executable interpreter in the form of a loadable kernel module. It lets you do a setuid kind of thing for files, only with fine grained capabilities. This is a cheap substitute for real "file capabilities."
Updated 12 Jul 2006
HAVEGE
| Pop | 27.37 |
|---|---|
| Vit | 1.00 |
HAVEGE (HArdware Volatile Entropy Gathering and Expansion) is a user-level software unpredictable random number generator for general-purpose computers that exploits modifications of the internal volatile hardware states as a source of uncertainty. It combines on-the-fly hardware volatile entropy gathering with pseudo-random number generation. The internal state includes thousands of internal volatile hardware states and is merely unmonitorable. It can support several hundreds of megabits per second on current workstations and PCs.
