< Prev 1 2 3 4 5 6 7 Next >
Category: Access Control » user privileges
cage is a replacement for the chroot(8) utility. Like chroot, cage changes its root directory to the one specified and then executes your application. Before execing, however, cage drops all privileges that would allow the program to escape its jail.
TecSec®'s Constructive Key Management technology uniquely resolves critical information security and information management matters complicated by today's vastly networked world. The need to identify authorized users, protect and control sensitive information assets, and restrict access to information in compliance with privacy statutes and regulations has never been greater.
ClusterNFS is a set of patches for the "Universal NFS Daemon" (UNFSD) to allow multiple clients to nfs mount the same root filesystem by providing "tagged" filenames. When a client requests the file "/path/filename", the ClusterNFS server checks for the existence of files of the form "/path/filename$$TAG=value$$". If such a file exists and the client has a matching value for KEY, this file is returned. If the client does not have a matching value or no such file exists, the file request proceeds as normal. Currently supported keys include HOST (hostname), IP (IP number), CLIENT (matches any nfs client) and CREATE (for "tagged" creation of files).
Flash is an attempt to address the security problems associated with giving local unix users full shell access. It is a (hopefully) secure shell which will only execute administrator defined programs, while also being very user friendly. Flash is fully windowed (using an ncurses interface), is driven by cursor keys, has hotkey support, has fascist logging support and more.
The main goal of the Linux Trustees project is to create an advanced permission management system for Linux. The solution proposed is mainly inspired by the approach taken by Novell Netware and the Java security API. Special objects (called trustees) can be bound to every file or directory. The trustee object can be used to ensure that access to a file, directory, or directory with subdirectories is granted (or denied) to a certain user or group (or all except user or group). Trustees are like POSIX ACLs, but trustee objects can affect entire subdirectory trees, while ACLs a single file.
nss-pgsql is a name service switch (NSS) module using a PostgreSQL database as its backend. It is meant to completely replace the flat file structure in /etc for user and group management.
NSS-MySQL allows you to create Unix users or groups from a MySQL database. It features full passwd, group, and shadow support.
Electric Death Ferret
Electric Death Ferret is a PHP3 script for entering new domains and virtual hosts online so that they can be setup automagically by the included Perl daemon in both Apache, NcFTPd, and BIND. This also includes setup for suexec and also includes another PHP3 script for setting up system users. These system accounts are for dialup customers and mail-only accounts. There is also an option for creating aliases in Sendmail and for converting a full dialup account into a mail-only one (this is done by editing the RADIUS file).
Raw Sockets Disabler
A proof-of-concept release to temporally disable Winsock Raw Socket functionality in Windows NT, 2000 and XP systems. Note: Winsock Raw Sockets are only disabled when this application is running. They are *not* permanently disabled. No modifications are made to any Operating System files. This was released in response to recent publications from Gibson Research Corporation (GRC.com) regarding Raw Sockets, to prove that such functionality can be readily disabled.
DummyIdentd Server Daemon
DummyIdentd Server Daemon is a Perl program that accepts identd requests (port 113), and responds with a valid response, but giving out no useful information. It is written in Perl, and is suitable for running on company gateways/firewalls to enable your users to access services such as IRC, which require identd.
Browse by category