Category: Hardening » FreeBSD
Jailkit is a suite to create and deploy chroot jails for user accounts and for daemons. It has several utilities to facilitate the setup of chroot jails and utilities to use and check existing jails.
OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis and correlation, integrity checking, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Solaris and Windows.
dotDefender secures websites against a broad range of HTTP-based attacks, including Session attacks (e.g. Denial of Service), Web application attacks (e.g. SQL injection, Cross-site scripting, and known attack signatures), as well as requests originating from known attack sources ( e.g. spammer bots and compromised servers). easily installed, dotDefender requires minimal administrator maintanance and updates via a "live update" functionality that keeps its rule set up to date, enabling it to secure the Web environment from the moment it is deployed. dotDefender is cost-effective and is available for a 30 day evaluation period at www.dotdefender.com
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.
High Performance Firewall
HPF is a firewall technology that is based on a compiled rules engine. It differs from other firewall engines in that the time spent on matching a rule is constant, and is not dependent on the number of rules in effect. This allows packets to be rejected or accepted in about 300 CPU cycles. HPF currently works under FreeBSD, but patches for other operating systems are planned.
suidcontrol is an experimental utility for managing suid/sgid policy under FreeBSD. The primary intent is to allow system managers to generate scripts to apply to new FreeBSD installations so that they can minimize risk associated with the plethora of tools requiring additional privilege to run.
Ridentd is a stand-alone replacement for identd that uses a random selection of a ispell dictionary to use as fake ident responses. This server application is meant for the totally paranoid that need access to servers that require ident and don't want to give any information about local users to the remote server or its other users.
Browse by category