Category: System Security Management » Linux
pptp proxy forwards a PPTP VPN connection through a Linux firewall.
NARC (Netfilter Automatic Rules Configurator) is a free firewalling package for Netfilter/Iptables, released under the BSD license. It attempts to simplify the setup of a firewall (stateful packet filter) via the iptables tools. It is a bash shell script that generates (hopefully) sensible and secure rules for Netfilter based on a simple configuration file. It features quick setup via a simple configuration file, connection tracking (and fragmentation reassembly), customized logging, probe detection (TCP & UDP), and much more.
Appcap is a tricky application for x86 Linux which allows a user with enough power (usually the superuser) on a machine to attach and redirect standard input and output of any application to his/her actual tty. In this way the superuser obtains an instrument for looking into ordinary users' sessions. This may be very useful if you suspect some of your users of doing nasty things from your machine.
Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can set up user accounts, Apache, DNS, file sharing and so on. Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no external modules. This means that you only need a Perl binary to run Webmin.
EchoWall is a firewall configuration package for creating an ipchains-based Linux firewall. It is optimized for the Linux Router Project (LRP), but was originally created for a Debian platform. EchoWall's aim is simplicity for entry-level users. It presumes the user is using a Linux box as a masquerading firewall/router for a single Class-C address range. It manages services in an interesting way: instead of indicating the IP addresses of machines you want to act as servers, you specify them by their MAC address. When run, the echowall script automatically detects the current IP address associated with this MAC address. This allows you to connect a service to a machine whose IP address is dynamically assigned.
capsel is a Linux kernel 2.2.x module designed to increase system security. It works with Linux capabilities and decreases the number of suid binaries and daemons working with root privileges. It prevents breaking the chroot jail even for privileged processes. It also does additional security checks before executing new binaries to prevent users from taking control of their execution.
Current is a server implementation for Red Hat's up2date tools. It's designed for small to medium departments to be able to set up and run their own up2date server, feeding new applications and security patches to workstations/servers.
Stealth Kernel Patch
Stealth IP Stack is a kernel patch for Linux 2.2.18 which makes your machine almost invisible on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on UDP (prevents UDP portscans), and restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on and off on the fly.
A small security module for Linux-2.2.19. Only works on Intel processors. It wraps execve() and checks so that the caller does not call from a writeable memory segment. Since most local (and many remote) exploits call execve() from the stack (and environment, which is also placed on the stack), which is writeable, it would prevent most standard exploits from working.
Lrp Network Monitor
Lrp Network Monitor is an applet/application that displays information about network devices on a Linux router. This information can be displayed either in plain text, or in graphical format (either bar-charts, line-charts, or a histogram). It also displays the status (online/offline) of ISDN-devices, and can trigger actions like dial or hangup.