Описания программных продуктов
LinSec team is proud to announce the first stable release of LinSec.
LinSec, as the name says, is Linux Security Protection System. The main aim
of LinSec is to introduce Mandatory Access Control (MAC) mechanism into
Linux (as opposed to existing Discretionary Access Control mechanism).
LinSec model is based on:
* Filesystem Access Domains
* IP Labeling Lists
* Socket Access Control
As for Capabilities, LinSec heavily extends the Linux native capability
model to allow fine grained delegation of individual capabilities to both
users and programs on the system. No more allmighty root!
Filesystem Access Domain subsystem allows restriction of accessible
filesystem parts for both individual users and programs. Now you can
restrict user activities to only its home, mailbox etc. Filesystem Access
Domains works on device, dir and individual file granularity.
IP Labeling lists enable restriction on allowed network connections on per
program basis. From now on, you may configure your policy so that no one
except your favorite MTA can connect to remote port 25
Socket Access Control model enables fine grained socket access control by
associating, with each socket, a set of capabilities required for a local
process to connect to the socket.
LinSec consists of two parts: kernel patch (currently for 2.4.18) and
Detailed documentation, download & mailing list information - http://www.linsec.org
Источник: рассылка Bugtraq
This is to announce the first release of the SИcurIT Intrusion Detection
Toolkit, also known as SIDTk 1.0, which is completely Open Source and
available for downloads at http://securit.iquebec.com .
The SIDTk 1.0 is a collection of command-line tools aimed at improving
host-based intrusion detection conditions on Windows desktops and servers.
Some of these tools have originally been shipped with LogAgent 4.0, some
others are natural evolutions of pieces of code introduced with LogAgent
4.0 and LogIDS 1.0 Pro, while the others are based on a variation of the
same principle. It is easy to create new modules based on the same model,
and the code is completely Open Source.
The SIDTk 1.0 contains:
- ADSScan 1.0 : An Alternate Data Streams scanner
- IntegCheck 1.1 : A filesystem integrity checker (i.e. a Tripwire clone)
- LogUser 1.0 : A module to detect invalid user accounts
- LogShares 1.0 : A module to detect non-allowed shares on the machine
- LogServices 1.0 : A module to detect non-allowed services
- LogStartup 1.0 : A module to detect suspicious items inserted for
- LogProc 1.0 : A module to detect rogue processes running in memory
When launched regularly, these modules can help at finding various facets
of an intrusion, and help you to write out false positives and negatives
when combined with other intrusion detection utilities, like Snort and
These modules can be undertaken automatically when used with a registered
copy of LogAgent 5.0.
SИcurIT Informatique Inc.
New technique for spoofing an IP address using ARP cache poisoning and network
translation.The IP smart spoofing allows to run any application with a
address. As a result, we will explain why IP based access control is not
reliable on firewalls, routers or applications.
Announcing the release of sguil-0.3.0. Get it at http://sguil.sourceforge.net
Sguil (pronounced sgweel) , is built by network security analysts for network
security analysts. Sguil's main component is an intuiative GUI that provides the
analyst with realtime events from snort/barnyard. It also includes other
components which faciliate the practice of Network Security Monitoring and event
driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be
ran on any operating system that supports tcl/tk (including Linux, *BSD,
Solaris, MacOS, and Win32).
Demo version 0.3.0 by pointing your sguil client to the server at
bamm.dyndns.org. Use any username/passwd when prompted.
Some changes/additions include:
* IP address and port lookups using http://www.dshield.org
* A 'wizard' for building queries
* A dialog for storing standard queries
* Export query results to a text file using CSV
* Email RT events based on signature ID and/or classifications
* Auto-catagorize events based on filters