Chroot Safe

Hits: 1
Date added: 07/29/2007

chroot_safe is a tool to chroot any dynamically linked application in a safe and sane manner. It is designed to replace chroot and su nobody -c while at the same time addressing some of the major shortcomings of these tools. It was originally designed for chrooting anoncvs servers in an easy and foolproof manner, but is equally useful for numerous other applications where you need chroot for security.

EncFS Encrypted Filesystem Source v1.3.2

Hits: 1
Date added: 07/30/2007

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. EncFS is open source software, licensed under the GPL.
As with most encrypted filesystems, EncFS is meant to provide security against off-line attacks, i.e., your notebook or backups fall into the wrong hands, etc. The way EncFS works is different from the “loopback” encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device. This is a big advantage in some ways, but does not come without a cost.

Linux sysmask v1.08

Hits: 4
Date added: 08/03/2007

Sysmask is a security solution designed for Linux systems. It can protect
the system integrity against vulnerabilities in the great majority of code,
whether known or unknown, patched or non-patched, in user programs,
libraries or the kernel.
Sysmask can be configured to restrict the access of a process or a user to
system resources: files, sockets, devices, system calls, disk space, memory
usage. The restriction policy can be defined with great precision, sometimes
contextual. Processes with tightly restricted access rights may continue to
do their normal work as before, but if they are compromised, the malicious
code that gets run will be unable to harm the system except for the job that
is assigned to the compromised process.
A fully deployed sysmask can protect the system against any vulnerability
except those in a small portion of the kernel, which is historically very
solid, plus those in the sysmask package itself.
With respect to other security solutions, several novel features have been
introduced in sysmask.
1. It offers protection against most kernel vulnerabilities that occur or
will occur in practice, by allowing selective closure of unused system
calls and activities for untrusted processes or users.
2. Using configuration definitions with a simple user-friendly syntax,
interactive security reactions can be defined in various ways, leading to
flexible and highly customizable security schemes without the need to
recompile existing software or even to modify its configuration.
Custom interactive reactions greatly enhance the security level, as the
system behavior becomes unpredictable to outside attackers with no knowledge
of these reactions.
3. It can protect against both system level risks (unauthorized accesses
etc.) and user level risks (viruses etc.), and includes efficient resource
consumption limitations that overcome the shortcomings of traditional rlimit
setups.
4. It supports runtime reconfiguration with a menu-based user interface that
accepts feedback configuration.
Sysmask introduces only minimal or negligible performance overhead, except
for a few programs under special conditions and requiring highly selective
protection.
The package of sysmask is also very simple and compact, with its critical
parts independent of outside code (libraries), minimizing the probability
of bugs contained in the package itself.
Sysmask allows you to radically reduce the need to update your system
components for security reasons, because you can now live with
vulnerabilities without being hurt. Traditional anti-virus scanners are no
longer needed, let alone the need to update them, because sysmask can
prevent any virus from being installed.

Lidstools v2.2.7.2

Hits: 1
Date added: 08/06/2007

LIDS is an enhancement for the Linux kernel written by Xie Huagang and Philippe Biondi. It implements several security features that are not in the Linux kernel natively. Some of these include: mandatory access controls (MAC), a port scan detector, file protection (even from root), and process protection.

EncFS Encrypted Filesystem v1.3.2

Hits: 1
Date added: 08/10/2007

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. EncFS is open source software, licensed under the GPL.
As with most encrypted filesystems, EncFS is meant to provide security against off-line attacks, i.e., your notebook or backups fall into the wrong hands, etc. The way EncFS works is different from the “loopback” encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device. This is a big advantage in some ways, but does not come without a cost.