Software product descriptions
1. LinSec
LinSec team is proud to announce the first stable release of LinSec.
LinSec, as the name says, is Linux Security Protection System. The main aim
of LinSec is to introduce Mandatory Access Control (MAC) mechanism into
Linux (as opposed to existing Discretionary Access Control mechanism).
LinSec model is based on:
* Capabilities
* Filesystem Access Domains
* IP Labeling Lists
* Socket Access Control
As for Capabilities, LinSec heavily extends the Linux native capability
model to allow fine-grained delegation of individual capabilities to both
users and programs on the system. No more almighty root!
The Filesystem Access Domain subsystem allows restriction of the accessible
filesystem parts for both individual users and programs. Now you can
restrict a user's activities to only their home, mailbox etc. Filesystem Access
Domains work at device, directory and individual file granularity.
IP Labeling Lists enable restriction of allowed network connections on a
per-program basis. From now on, you may configure your policy so that no one
except your favorite MTA can connect to remote port 25.
The Socket Access Control model enables fine-grained socket access control by
associating, with each socket, a set of capabilities required for a local
process to connect to the socket.
LinSec consists of two parts: kernel patch (currently for 2.4.18) and
userspace tools.
Detailed documentation, download and mailing list information: http://www.linsec.org
2. SIDTk
Source: Bugtraq mailing list
This is to announce the first release of the SИcurIT Intrusion Detection
Toolkit, also known as SIDTk 1.0, which is completely Open Source and
available for download at http://securit.iquebec.com .
The SIDTk 1.0 is a collection of command-line tools aimed at improving
host-based intrusion detection conditions on Windows desktops and servers.
Some of these tools have originally been shipped with LogAgent 4.0, some
others are natural evolutions of pieces of code introduced with LogAgent
4.0 and LogIDS 1.0 Pro, while the others are based on a variation of the
same principle. It is easy to create new modules based on the same model,
and the code is completely Open Source.
The SIDTk 1.0 contains:
- ADSScan 1.0 : An Alternate Data Streams scanner
- IntegCheck 1.1 : A filesystem integrity checker (i.e. a Tripwire clone)
- LogUser 1.0 : A module to detect invalid user accounts
- LogShares 1.0 : A module to detect non-allowed shares on the machine
- LogServices 1.0 : A module to detect non-allowed services
- LogStartup 1.0 : A module to detect suspicious items inserted for
automatic startup
- LogProc 1.0 : A module to detect rogue processes running in memory
When launched regularly, these modules can help in finding various facets
of an intrusion, and help you to write out false positives and negatives
when combined with other intrusion detection utilities, like Snort and
LogAgent 5.0.
These modules can be run automatically when used with a registered
copy of LogAgent 5.0.
Adam Richard
SИcurIT Informatique Inc.
http://securit.iquebec.com/
3. Smartspoofing
A new technique for spoofing an IP address using ARP cache poisoning and network
address translation. IP smart spoofing allows running any application with a
spoofed address. As a result, we will explain why IP-based access control is not
reliable on firewalls, routers or applications.
http://www.althes.fr/ressources/avis/smartspoofing.htm
4. Sguil
Announcing the release of sguil-0.3.0. Get it at http://sguil.sourceforge.net
Sguil (pronounced sgweel) is built by network security analysts for network
security analysts. Sguil's main component is an intuitive GUI that provides the
analyst with realtime events from snort/barnyard. It also includes other
components which facilitate the practice of Network Security Monitoring and event
driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be
run on any operating system that supports tcl/tk (including Linux, *BSD,
Solaris, MacOS, and Win32).
Try a demo of version 0.3.0 by pointing your sguil client to the server at
bamm.dyndns.org. Use any username/password when prompted.
Some changes/additions include:
* IP address and port lookups using http://www.dshield.org
* A 'wizard' for building queries
* A dialog for storing standard queries
* Export query results to a text file using CSV
* Email RT events based on signature ID and/or classifications
* Auto-categorize events based on filters