Friday, October 22, 2004

Stephanie for OpenBSD 3.6

Stephanie is an OpenBSD hardening package; Viagra for the blowfish, if you will. It adds several security features not present in OpenBSD that many admins and users would like on their systems. Stephanie contains features both for compromise prevention and for post-compromise damage reduction, the last line of defense.

Stephanie for OpenBSD 3.6 has the following features:

  • Trusted users. Stephanie allows you to dynamically set a group as the 'currently trusted group.' This means you can maintain trust simply by adding or removing users from a group.
  • Vexec. Integrity verification of executed programs, memory mapped objects, and opened files. Completely revamped from earlier versions, now using hash tables. Supports MD5, SHA1, SHA256, SHA384, SHA512, and RMD160.
  • TPE (Trusted Path Execution). Prevents execution of files located in paths defined as 'untrusted' (that is, paths that are not owned by root and writable by root only).
  • Process privacy. Prevents processes from obtaining information about other processes that belong to a different owner. (This affects the output of programs using sysctl's KERN_PROC.) Also plugs into procfs.
  • Userland privacy. Plugs into various programs, preventing users from obtaining information such as online users, login/logout times, filtered netstat output...
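
A userland illustration of the TPE rule from the list above, added here as an example and not taken from Stephanie's kernel code. The function names and `TPE_PATH_MAX` are hypothetical, and it assumes only the directory that directly contains the file is examined.

```c
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

#define TPE_PATH_MAX 4096   /* hypothetical buffer limit for this example */

/* Rule from the feature list: a path is trusted only when it is owned by
 * root and writable by root only (no group or other write bit set). */
int tpe_dir_trusted(uid_t owner, mode_t mode)
{
    if (owner != 0)
        return 0;                       /* not owned by root */
    if (mode & (S_IWGRP | S_IWOTH))
        return 0;                       /* someone besides root can write */
    return 1;
}

/* Apply the rule to the directory containing `file`.
 * Assumption: only the immediate parent directory is checked.
 * Fails closed: any error (bad path, stat failure) means untrusted. */
int tpe_path_trusted(const char *file)
{
    char buf[TPE_PATH_MAX];
    struct stat st;

    if (file == NULL || strlen(file) >= sizeof(buf))
        return 0;
    strcpy(buf, file);                  /* dirname() may modify its argument */
    if (stat(dirname(buf), &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return tpe_dir_trusted(st.st_uid, st.st_mode);
}

int main(int argc, char **argv)
{
    /* Report the verdict an exec-time check would reach for each path. */
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i],
               tpe_path_trusted(argv[i]) ? "trusted path"
                                         : "untrusted path, deny exec");
    return 0;
}
```

A world-writable directory such as a typical `/tmp` (mode 1777) fails the second test even though root owns it, which is the case TPE is meant to catch.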
