Free immune security for software for linux

MultiAdmin security framework kernel module provides means to have multiple "root" users with unique UIDs.
This fixes collation order problems which for example appear with NSCD, allows to have files with determinable owner and allows to track the quota usage for every user, since they now have a unique uid.
MultiAdmin Security Module also implements a "sub-admin", a partially restricted root user, who has full read-only access to most subsystems, and additional write rights only to a limited subset, e.g. writing to files or killing processes only of certain users.
Enhancements:
- The NetAdmin user class has been removed since it can be handled in userspace.
- The code has been updated to work with Linux 2.6.22.

Ubuntu Security Notice Monitor is a karamba theme that displays the ten most recent USN report titles in a desktop widget.

Ubuntu Security Notice Monitor works by parsing the link text out of the USN page at http://www.ubuntulinux.org/usn using a Python backend.

Thanks goes to Richard "Ricardo" Szlachta for the graphics work.

Luke Macken Security LiveCD provides a fully functional livecd based on Fedora for use in security auditing, forensics research, and penetration testing.
Main features:
- All of the security features and tools Fedora has to offer
- Features from the FedoraLiveCD
- Ability to install directly to hard drive
Spinning your own
# yum install mercurial livecd-tools
$ hg clone http://hg.lewk.org/security-livecd
# livecd-creator --config security-livecd/fedora-security-livecd.ks --fslabel=Fedora-7-Security-LiveCD
Making changes to the LiveCD is as simple as modifying the fedora-security-livecd.ks configuration file.

The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs. It will capture certain network events and record them in a relational database. The recorded data is available for analysis through a CGI-based interface.
You can run test version with ./Monitord, just to see how it works. Production version should be run in background, v.g. with nohup ./monitord &. Both versions will accept a device name as a parameter (default: eth0). You can send them SIGHUP at any time to print some stats. If you send SIGTERM, SIGQUIT or SIGINT, all threads will end gracefully.
Enhancements:
- Linux Kernel with "packet sockets" and "socket filtering" support.
- GNU C Library 2 (glibc2) with LinuxThreads support. (integrated in most recent versions).
- Full MySQL, including headers and libmysqlclient_r.
- GNU C Compiler (gcc).
- GNU Make (make).
- Perl (perl).
- Wget (wget).
Enhancements:
- Added chmod 4755 ... in Makefile
- Root should run make now, but not the daemon ;-)
- The daemon will drop root privileges as soon as possible
- (after creating the raw socket with an attached linux socket
- filter and putting the interface in promiscuous mode)
- No threads run with root privileges so its much safer
- (specially the new server thread which reads remote user input)
- Added stats thread
- To calculate/mantain exponential averages
- Added server thread
- It accepts HTTP requests and serves stats in XML

GNU Phantom.Security is a computer-controlled security system.
Phantom is designed to be a completely customizable computer controlled security system. All source code (C++/Bourne script) is included. Phantom was designed & tested on a Linux system, but I assume the C++ portions can be easily ported to other Unix systems (even DOS/Windows, maybe?). The Phantom Security system is for use with intrusion/fire detection equipment such as motion sensors, door magnets, and smoke detectors. However, any Normally Open or Normally Closed device may work with little or no change to the code. All source code and diagrams included are free to use,for distributing, and to modify!
Phantom.Controller is to be used in a system with non-powered security devices, i.e. door magnets. Phantom.Controller2 is for systems with powered security devices, i.e. motion sensors & smoke detectors. Anyone with a basic knowledge of circuit design can mix and match from these two diagrams to mix powered & non-powered devices!
Enhancements:
- To compile & install Phantom.Security 1.00:
- configure
- make
- make install
- The default installation directory is /home/Phantom/security. However, this can be modified in the top-level Makefile.am (if this is changed, you need to re-run aclocal, autoconf, & automake). However, both the bindir and datadir should point to the SAME directory, or else Phantom.Security wont function correctly, because it wont be able
- to find the Phantom.conf file.
Enhancements:
- Version 1.0!!! GNU Phantom.Security is out of Beta! I have been running Phantom.Security for months straight on my machine at work and believe it is stable enough to promote it out
- of Beta!
- Created HTML & PostScript versions of documentation. Available on-line.

Spike PHP Security Audit Tool project is a tool that performs a static analysis of PHP code for security exploits.
Usage:
To install, unzip Spike phpSecAudit package.
> unzip spike_phpSecAudit.zip
Change directory to your php repository.
> cd /path/to/code/to/audit
Execute the run.php, passing the file name or directory to audit.
> php /path/to/spike_phpSecAudit/run.php test_file.php
or
> php /path/to/spike_phpSecAudit/run.php dir_name
Enhancements:
- Modified to be PHP 4 friendly.
- A few functions have been added to the knowledge base: extract, shell_exec, pcntl_exec, and exec.
- The organization of the knowledge base file (vuln_db.xml) has been slightly improved.
- The _getAllPhpFiles function may miss a few (unverified).
- The tokenizer needs to be able to differentiate between a native function call and class method call of the same name, i.e. mail() and $class->mail().

Security::CVSS is a Perl module to calculate CVSS values (Common Vulnerability Scoring System).

SYNOPSIS

use Security::CVSS;

my $CVSS = new Security::CVSS;

$CVSS->AccessVector(Local);
$CVSS->AccessComplexity(High);
$CVSS->Authentication(Not-Required);
$CVSS->ConfidentialityImpact(Complete);
$CVSS->IntegrityImpact(Complete);
$CVSS->AvailabilityImpact(Complete);
$CVSS->ImpactBias(Normal);

my $BaseScore = $CVSS->BaseScore();

$CVSS->Exploitability(Proof-Of-Concept);
$CVSS->RemediationLevel(Official-Fix);
$CVSS->ReportConfidence(Confirmed);

my $TemporalScore = $CVSS->TemporalScore()

$CVSS->CollateralDamagePotential(None);
$CVSS->TargetDistribution(None);

my $EnvironmentalScore = $CVSS->EnvironmentalScore();

my $CVSS = new CVSS({AccessVector => Local,
AccessComplexity => High,
Authentication => Not-Required,
ConfidentialityImpact => Complete,
IntegrityImpact => Complete,
AvailabilityImpact => Complete,
ImpactBias => Normal
});

my $BaseScore = $CVSS->BaseScore();

$CVSS->UpdateFromHash({AccessVector => Remote,
AccessComplexity => Low);

my $NewBaseScore = $CVSS->BaseScore();

$CVSS->Vector((AV:L/AC:H/Au:NR/C:N/I:P/A:C/B:C));
my $BaseScore = $CVSS->BaseScore();
my $Vector = $CVSS->Vector();

CVSS allows you to calculate all three types of score described under the CVSS system: Base, Temporal and Environmental.

You can modify any parameter via its accessor and recalculate at any time.
The temporal score depends on the base score, and the environmental score depends on the temporal score. Therefore you must remember to supply all necessary parameters.

The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier. Even during the planning and development stages, our target was to achieve an excellent user-friendliness combined with an optimal toolset.
Professional open-source programs offer you a complete toolset to analyse your safety, byte for byte. In order to become quickly proficient within the Auditor security collection, the menu structure is supported by recognised phases of a security check. (Foot-printing, analysis, scanning, wireless, brute-forcing, cracking).
By this means, you instinctively find the right tool for the appropriate task. In addition to the approx. 300 tools, the Auditor security collection contains further background information regarding the standard configuration and passwords, as well as word lists from many different areas and languages with approx. 64 million entries.
Current productivity tools such as web browser, editors and graphic tools allow you to create or edit texts and pictures for reports, directly within the Auditor security platform. Many tools were adapted, newly developed or converted from other system platforms, in order to make as many current auditing tools available as possible on one CD-ROM.
Tools like Wellenreiter and Kismet were equipped with an automatic hardware identification, thus avoiding irritating and annoying configuration of the wireless cards.
Enhancements:
New & Updated tools:
- proxychains 1-8-1 (for example scanning over proxy more easy)
- yersinia-0.5.4
- kismet-logfile-viewer klv.pl and klc.pl
- ntp fingerprinting tool
- tftp bruteforce tool
- snmp fuzzer
- cisco torch 0.4b
- unicornscan 0.4.2
- packit
- sendip
- nasl 2.2.4
- tcpick
- cryptcat
- amap version 4.8
- tcpsplit
- Ethereal version 10.11
- ettercap-ng-0.72 and modified the etter.conf
- replaced tinysnmp with snmp tools
- vnc2swf /usr/X11R6/bin/recordwin and vnc2swf
- edit_vnc2swf.py
- edit_mp3.py
- wpa-supplicatiant 0.3.8
- hostapd-utils 0.3.7
- ssldump
- fragrouter
- Metasploit 2.4 including all known updates
- airsnarf, but no menu at moment
- fakeap to /opt/auditor but no menu entry at moment, need to write a shell script
- dsniff 2.4b1-10
- nessus plugins updated
- exploit tree updated
- Snort 2.3.2-5
- Bleeding-edge rules for snort
- New aircrack
- New airsnort
- Bet i forgot some to mention.
New & updated drivers:
- rt2400 linux drivers and utils (untested)
- rtl8180 driver (8180_26_private.ko and open8180.ko and /usr/local/bin/wlanup and /usr/local/bin/wlandown) (Untested)
- hostap drivers 0.3.7
- ipw2100 & ipw2200 incl firmware, incl monitor mode
- Prism54 with injection patch
- Linux-wlan-ng with injection patch
- Madwifi with injection patch
- ACX drivers are back on cd
Addons:
- Default password list has been updated
- Added some changes to the network stack using /etc/sysctl.conf, which will be called from knoppix-autoconfig script
- New background image
Some fixes i remember:
- Kernel completely rebuilded to provide full functionality
- Isolinux now accepts bootparameters again
- USB drivers are back to /dev/sda and booting from stick works fine
- grub files have been fixed
- fixed hostname /etc/hosts
- /cdrom/index.html pointed to the old forum fixed that
- Added cardctl eject, cardctl insert into switch-to-XY scripts
- Fixed the homebutton of the konquerror when clicked first time
- Fixed the menuentry for nessus