Free openwall software for linux

Openwall GNU/*/Linux (or Owl for short) is a security-enhanced operating system with Linux and GNU software as its core, compatible with other major distributions of GNU/*/Linux. Openwall GNU/*/Linux is intended as a server platform. And, of course, it is free.
Main features:
- While we value quality above feature set, Owl does indeed offer a number of features besides just trying to be more secure.
- Most obviously, Owl can be used as a base for installing whatever software is generally available for GNU/*/Linux systems. It offers some compatibility (read below) for software packages found in or developed for other major Linux distributions, such as Red Hat Linux.
- Additionally, being a server platform, Owl will include a growing set of integrated Internet services.
- Owl includes a complete build environment capable to re-build the entire system from source with one simple command ("make buildworld"). (This is explained in more detail below.)
- Owl supports multiple architectures (currently x86, SPARC, and Alpha), as this lets you use it in more cases and helps us catch certain classes of software bugs earlier, thus improving the reliability of Owl packages.
Security:
- Owl combines several approaches to reduce the number and/or impact of flaws in its software components and impact of flaws in third-party software that one might install on the system.
- The primary approach used is proactive source code review for several classes of software vulnerabilities. However, because of the large amount of code, theres a certain level of "importance" for a software component or a part thereof to be audited. - Currently, only pieces of code which are typically run with privileges greater than those of a regular user and/or typically process data obtained over a network are audited before the corresponding software component is included. This covers relevant code paths in many of the system libraries, all SUID/ SGID programs, all daemons and network services. Other software may be audited when it is already a part of Owl. Potential problems found during the audit are fixed or, in some pathological cases, may prevent the software component from being included. In general, code quality and privilege management are always considered when theres a choice between implementations of a feature. As the project evolves, many of the software components will be replaced with ones of our own.
- When packaged for Owl, the software components are configured or, when necessary, modified in order to provide safe defaults, apply the least privilege principle, and introduce privilege separation. The use of safe defaults, where optional and potentially dangerous features need to be turned on explicitly, lets us audit the pieces of code used in in the default configuration in a more thorough way. Extra systems administration facilities ("owl-control") are provided for managing system features such as the optional SUID/SGID binaries independently from installing the corresponding packages. Every Owl package will have its audit status documented to allow for risk assessment.
- While source code review is the preferred way to deal with software vulnerabilities, it cant be applied in all cases. Typically, when insecure third-party software is installed on an otherwise secure system, "the game" is lost. The only thing an operating system can guarantee is that potential unauthorized access would be limited to those privileges granted to the software in question. However, in the recent years, a number of approaches were developed which reduce the likelihood and/or may reduce the impact of successful real-world attacks on insecure third-party software. Owl will use some of those "hardening" approaches in various parts of the system.
- Owl uses "strong" cryptography within its core components, and already includes some security policy enforcement (proactive password checking with "pam_passwdqc", password and account expiration, network address- based access control) and integrity checking ("mtree") capabilities. It is one of our goals to provide a wide range of security tools with Owl, available for use "out of the box".
Enhancements:
- After many Owl-current snapshots, Owl 2.0 release is finally out.
- Owl 2.0 is built around Linux kernel 2.4.32-ow1, glibc 2.3.6 (with our security enhancements), GCC 3.4.5, and recent versions of over 100 other packages.
- It offers binary- and package-level compatibility for most packages intended for Red Hat Enterprise Linux 4 (RHEL4) and Fedora Core 3 (FC3), as well as for many FC4 packages.
- Additionally, Owl 2.0 uses our new installer, making installation a lot easier than it used to be for Owl 1.1 and below.

Sentry Firewall CD-ROM is a Linux-based bootable CDROM suitable for use as an inexpensive and easy to maintain firewall, server, or IDS(Intrusion Detection System) Node. The system is designed to be immediately configurable for a variety of different operating environments via a configuration file located on a floppy disk, a local hard drive, and/or a network via HTTP(S), FTP, SFTP, or SCP.
The Sentry Firewall CD is a complete Linux system that runs off of an initial ramdisk, much like a floppy-based system, and a CD. The default kernel is a current 2.4.x series kernel with various Netfilter patches applied. An OpenWall-patched current 2.2.x kernel is also available on the CD.
Booting from the CDROM is a fairly familiar process. The BIOS execs the bootloader(Syslinux) - which then displays a bootprompt and loads the kernel and ramdisk into memory. Once the kernel is running, the ramdisk is then mounted as root(/). At this point our configuration scripts are run(written in perl) that configure the rest of the system. It is the job of these configure scripts to put the various startup and system files into the proper location using either what is declared in the configuration file(sentry.conf) or the system defaults located in the /etc/default directory.
Most of the critical files used at boot time can be replaced with your own copy when declared in the configuration file. This is essentially how we allow the user to configure the system using his/her own configuration and init files.
All of the binaries, files, scripts, etc, used to create the CD-ROM are also available on the CD-ROM. So, with a little practice, you can easily build and customize your own bootable Sentry Firewall CD.
Main features:
- Current Linux Kernel: 2.4.28-ow1
- OpenWall security patch(-ow1).
- StrongSwan.
- Ebtables bridge+netfilter patch.
- Linux-WLAN modules.
- MPPE patch.
- Modules-off patch [ More Info | Patch ]
- iptables v1.2.11.
- ebtables v2.0.6.
- OpenVPN.
- IProute2 utilities.
- Vconfig.
- PPTP Client/Server.
- Zebra
- Snort IDS v2.2.0
- Scanlogd
- OpenSSH and OpenSSL
- net-snmp
- Webmin
- NMap
- Many other daemons and binaries you may need -- Apache, Sendmail, Squid, Perl, BIND (static/chroot), and more.

stephanie is a program for hardening OpenBSD for multiuser environments.

Mmmmm, OpenBSD. Functional, secure, free. With an emphasis on security and integrated cryptography, it carries an excellent reputation for plain old "you-just-cant-hack-this-ness". Not perfect, but nothing is, at least theyre not wearing suits and lying to you.

There are a few roles where i believe OpenBSD fits perfectly. One of these is in multiuser environments, where you have large numbers of possibly malicious users with local access. Here the OpenBSD teams commitment to auditing and fixing code provides a level trust in the environment which is hard to find elsewhere. Also, their efforts to provide integrated cryptography means setting up secure access is easy. So, lets take advantage of the freely available source and tailor it to our specific needs.

Details:

In Phrack 54, route|Mike Schiffman wrote a series of patches for OpenBSD 2.4 for Trusted Path Execution (TPE). Stephanie brings a modified version of these up to speed for OpenBSD 2.8 - 3.0, along with some additional features. A trusted path is one where the parent directory is owned by root and is neither group or other writeable. The TPE works off an internal list of trusted user ids. If a given user tries to execute a file not in a trusted path, and their user id is not in the kernels trusted list, they are denied execution privileges. In real terms, this means they cant download, compile and run krad-sploit.c.

In addition to the TPE, a series of privacy patches came along too. Originally supplied as patches for the individual utilities, these are now implemented through kvm(3), and honour trusted users (ie, trusted users are allowed to see all system information). As a practical example, this means that untrusted users will only be able to see information about processes they own, and the stat tools (netstat, iostat, vmstat, etc) will generally be broken for them. It has been pointed out that by going through trying to kill every possible process id you can find other users processes, but you cant really gain any information on them, so this is not really a great concern.

The original TPE patches had one known way of bypassing the execution restrictions, which was using shell redirection to allow arbitrary interpreted language scripts to be run (perl, sh, etc). This has been fixed up, but could possibly be a big pain in the ass, so please pay attention. When an interpreter is invoked, like most things, it creates a new process group with a job count of one. When a series of commands are connected via the | character on the command line, all the commands belong to the same process group and the job count represents the number of commands eg ps -ax | grep something | awk {print $1} has a job count of three, and the ps, grep and awk processes all belong to the same process group.

The one exception to this is when a user logs in, where we find their shell has its job count set to zero. So how can we use this to prevent shell redirection for a given set of programs? We need to be able to distinguish between ordinary commands and interpreters. At the moment this is done by setting the immutable flag on them. So, in kern_exec(), if we find an untrusted user executing something with the immutable flag set and a job count greater than zero, we flag the process as being potentially dodgy. Then in other system calls we disallow read()ing from fd 0 (stdin) and things like dup2(0, n) if the process has been flagged.

There are two main disadvantages to this. First is the system will need to be brought down to single user mode if the interpreter needs to be patched, and secondly, people will have a hard time suing to an untrusted user. Of course, when a user has shell, they can still type any commands that could otherwise be placed in a shell script, but at the least, this will raise the bar a bit.

Finally, Stephanie brings restricted symbolic links, ala the openwall patches for linux. As time permits, im still working on adding additional features, and will add bits of the openwall stuff i like. The basic goal is to add an extra layer of security without being a monumental pain in the ass to legitimate users, so some things wont be there. I havent added the additional hard link restrictions of the openwall patch, but will do something about this later as time permits.

Installing:

Step by step instructions are presented in the install guide which comes with the source. Read it all first, but its reasonably straight forward. It would be a good idea to read the original article (local copy) if you havent already.

Its distributed under the original two clause BSD license, mess with it all you want, but dont get cranky at me if it breaks something.

You can also read the tpe_adm(8) man page online.

Bastard is virtual server oriented patchset, containing essential elements for building virtual server container machines.
It includes a CTX-VS patch, squashfs for creating a small template server, lufs and bme for easily creating overlayed filesystems on top of the template, and honeynet- inspired extensions to enhance monitoring of hosted servers.
Bastard project also includes VPN extensions like OpenSWAN, MPPE, and CIPE to enable direct access to hosted virtual servers in situations where IPs are scarce.
Enhancements:
- The softirq changes were backed off.
- The openwall patch was updated.