ruleset
Results 1 - 15 of about 35
Drools 2.1
Drools is a Rules Engine implementation based on Charles Forgy's Rete algorithm tailored for the Java language. Adapting Rete to an object-oriented interface allows for more natural expression of business rules with regards to business objects. Drools is written in Java, but able to run on Java and .Net.
Drools is designed to allow pluggable language implementations. Currently rules can be written in Java, Python and Groovy. More importantly, Drools provides for Declarative Programming and is flexible enough to match the semantics of your problem domain with Domain Specific Languages (DSL) via XML using a Schema defined for your problem domain.
DSLs consist of XML elements and attributes that represent the problem domain.
Enhancements:
Bug
- DROOLS-294 - WorkingMemory synchronization is not complete (Barry Kaplan)
- DROOLS-314 - MethodMetadataSources need a stopping Class (Barry Kaplan)
- DROOLS-318 - WorkingMemoryEventListenerProcessor implements wrong interface (Barry Kaplan)
- DROOLS-347 - Maven build of drools-spring-jdk5 fails on Mac OS X (Andy Barnett)
- DROOLS-367 - Wrong rule executed when modifying object in workingmemory (Michael Neale)
- DROOLS-374 - Caching of classloaders in causes problems with hot deployment in some J2EE containers (Michael Neale)
- DROOLS-376 - Make source file (c) headers consistent with codehaus (Michael Neale)
- DROOLS-386 - Bug with the Escalation example? (Robert Laflamme)
- DROOLS-401 - Missing semaphore types in schema file (rules.xsd) (Edson Tirelli)
- DROOLS-403 - no-loop incorrectly removes all instances of a rule from the agenda (Michael Neale)
- DROOLS-409 - rename getNoLoop to isNoLoop to obey JavaBean naming convention (Mark Proctor)
New Feature
- DROOLS-303 - Default rule-method parameter annotation (Barry Kaplan)
- DROOLS-360 - Maven goal for drools-all-src-XXX.zip (Mark Proctor)
- DROOLS-361 - Auto add RuleSet to RuleBase (Barry Kaplan)
- DROOLS-363 - Decision tables in spreadsheets (Michael Neale)
- DROOLS-383 - Integrate java:functions feature in decision tables. (Michael Neale)
- DROOLS-388 - Support for application data (variables), per rule duration, salience and names (Ricardo Rojas)
- DROOLS-408 - Xor Group so only one rule can fire for a specific group (Mark Proctor)
Improvement
- DROOLS-296 - Allow for default id value in parameter annotations (Barry Kaplan)
- DROOLS-297 - Allow multiple consequence annotations per rule (Barry Kaplan)
- DROOLS-301 - Remove Drools prefix from annotations (Barry Kaplan)
- DROOLS-309 - MethodMetadataSource to ignore certain classes (Barry Kaplan)
- DROOLS-310 - Condition sharing for POJO rules (Peter Royal)
- DROOLS-348 - JDK 1.3 no longer supported (Barry Kaplan)
- DROOLS-350 - Utilize 1.4 nested exceptions (Barry Kaplan)
- DROOLS-357 - Packaging between factory and meta needs some attention (Barry Kaplan)
- DROOLS-364 - Update spring libs and config files for 1.2 (Barry Kaplan)
- DROOLS-372 - Update Groovy to JSR-03 (Mark Proctor)
- DROOLS-381 - Add object-condition tests to RuleBuilderTest (Barry Kaplan)
- DROOLS-387 - add ability for a DSL to access the XML namespace information in a Configuration (James Strachan)
- DROOLS-402 - Refactor maven.xml and drools:dist to make it faster and more intelligent (Mark Proctor)
- DROOLS-410 - Update Janino to 2.3.8 (Mark Proctor)
Test
- DROOLS-346 - Ant build.xml doesn't run drools-jsr94 unit tests (Andy Barnett)
Task
- DROOLS-351 - Remove drools-annotation and derivatives from 2.1 (Barry Kaplan)
- DROOLS-370 - Add in drools-decisiontables subproject (Michael Neale)
Download (1.7MB)
Added: 2005-10-03 License: The Apache License 2.0 Price:
1492 downloads
Fragroute 1.2
Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998.
Fragroute features a simple ruleset language to delay, duplicate, drop, overlap, print, fragment, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour.
This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Please do not abuse this software.
Download (0.083MB)
Added: 2006-03-10 License: GPL (GNU General Public License) Price:
1344 downloads
iptables firewall script 0.5
iptables firewall script is a Linux firewall based on the iptables software.
Sample:
######## START FUNCTIONS #########
scripthelp () {
cat <<SCRIPTHELP
Every 5 minutes
*/5 * * * * /path/to/this/script restart > /dev/null 2>&1
refresh
-------
Dumps current rules and reloads them.
stop
----
Dumps current rules and halts firewall.
---------------------------------------------------------
Usage: $0 [start|restart|refresh|stop]
SCRIPTHELP
}
fireme () {
if [ -z "`lsmod|grep iptable_filter`" ];
then
modprobe iptable_filter
fi
#######################################
#---------- Start predefined target rulesets ----------#
#######################################
# On the fly
$PROG -N ONTHEFLY
$PROG -A ONTHEFLY -j LOG --log-level 5 --log-prefix "TL0G_ONTHEFLY: "
$PROG -A ONTHEFLY -j DROP
# DENIED PORTS Privileged (1-1023) Target Ruleset
$PROG -N DENIED_PORT_PRIV
$PROG -A DENIED_PORT_PRIV -m state --state RELATED,ESTABLISHED -j ACCEPT
$PROG -A DENIED_PORT_PRIV -j LOG --log-level 5 --log-prefix "TL0G_DENIED_PORT_PRIV: "
$PROG -A DENIED_PORT_PRIV -j DROP
# DENIED PORTS Unprivileged TCP (1024+) Target Ruleset
$PROG -N DENIED_PORT_UNPRIV_TCP
$PROG -A DENIED_PORT_UNPRIV_TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
$PROG -A DENIED_PORT_UNPRIV_TCP -j LOG --log-level 5 --log-prefix "TL0G_DENIED_PORT_T-UNPRIV: "
$PROG -A DENIED_PORT_UNPRIV_TCP -m state --state NEW,INVALID -j DROP
# DENIED PORTS Unprivileged UDP (1024+) Target Ruleset
$PROG -N DENIED_PORT_UNPRIV_UDP
$PROG -A DENIED_PORT_UNPRIV_UDP -j LOG --log-level 5 --log-prefix "TL0G_DENIED_PORT_U-UNPRIV: "
$PROG -A DENIED_PORT_UNPRIV_UDP -j DROP
#######################################
#---------- End predefined target rulesets ----------#
######################################
# Services
$PROG -A INPUT -p tcp --dport 0:112 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_PRIV
$PROG -A INPUT -p udp --dport 0:112 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_PRIV
$PROG -A INPUT -p tcp --dport 114:1023 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_PRIV
$PROG -A INPUT -p udp --dport 114:1023 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_PRIV
# NFS
$PROG -A INPUT -p tcp --dport 2049 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_TCP
$PROG -A INPUT -p udp --dport 2049 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_UDP
# X11
$PROG -A INPUT -p tcp --dport 6000:6005 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_TCP
$PROG -A INPUT -p udp --dport 6000:6005 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_UDP
# Netbus
$PROG -A INPUT -p tcp --dport 12345:12346 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_TCP
$PROG -A INPUT -p udp --dport 12345:12346 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_UDP
# Deny all else on TCP unless initiated from local machine/network.
# This rule covers NFS, X11, and Netbus listed above, its a catch-all for any TCP
# ports you may have services running on, but dont know what ports they use.
# Prevents an accidental crack attempt via TCP services.
# If you wish to allow any services, or alter the existing rules, they must be
# added BEFORE the rule below.
$PROG -A INPUT -p tcp --dport 1024:65535 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_TCP
printf '[\033[32;01mOK\033[0m]\n'
echo "rc.firewall loaded with IP: $IP and interface: $IFACE."
}
########################### END FUNCTIONS ##########################
##############################################
#----------------- START CONFIGURATION SECTION --------------------#
##############################################
# Set path to iptables program
PROG=/path/to/iptables
# Set interface type, ie; eth0, ppp0
IFACE=""
###############################################
#------------------ END CONFIGURATION SECTION ---------------------#
##############################################
# Test to make sure configuration variables are set, die if not.
if [ ! -x "$PROG" ] || [ -z "$IFACE" ];
then
echo "$PROG is not executable, or interface is not set, exiting."
exit 1
else
# Get current IP address
IP=`ifconfig $IFACE| grep inet| cut -f2 -d:| cut -f1 -d" "`
# Get old IP from last firewall load (if any).
# The purpose of getting OLDIP is so you can use this script in a cron
# job to update the firewall with the current IP, great for dialups
# and other dynamic connections.
# Examples:
# Check every 15 minutes:
# */15 * * * * /path/to/this/script restart > /dev/null 2>&1
# Check every 5 minutes:
# */5 * * * * /path/to/this/script restart > /dev/null 2>&1
OLDIP=`$PROG -n -L INPUT| grep 6005|grep udp| cut -b55-|cut -f1 -d u`
case $1 in
start)
if [ -z "$OLDIP" ];
then
echo -n "Starting firewall..."
fireme
elif [ "$IP" = "$OLDIP" ];
then
echo "FIREWALL IS UPDATED."
fi
;;
restart)
echo -n "Restarting firewall..."
if [ -z "`$PROG -n -L INPUT| grep 6005`" ];
then
fireme
elif [ "$IP" = "$OLDIP" ];
then
echo "FIREWALL IS UPDATED."
else
for i in DENIED_PORT_PRIV DENIED_PORT_UNPRIV_TCP DENIED_PORT_UNPRIV_UDP ONTHEFLY
do
$PROG -F $i
$PROG -F INPUT
$PROG -F FORWARD
$PROG -X $i
done
fireme
fi
;;
refresh)
echo -n "Resetting firewall..."
if [ -z "`$PROG -n -L INPUT| grep 6005`" ];
then
fireme
else
for i in DENIED_PORT_PRIV DENIED_PORT_UNPRIV_TCP DENIED_PORT_UNPRIV_UDP ONTHEFLY
do
$PROG -F $i
$PROG -F INPUT
$PROG -F FORWARD
$PROG -X $i
done
fireme
fi
;;
stop)
for i in DENIED_PORT_PRIV DENIED_PORT_UNPRIV_TCP DENIED_PORT_UNPRIV_UDP ONTHEFLY
do
$PROG -F $i
$PROG -F INPUT
$PROG -F FORWARD
$PROG -X $i
done
printf 'Firewall stopped...[\033[32;01mOK\033[0m]\n'
;;
*)
echo
scripthelp
;;
esac
fi
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
986 downloads
RBL Spam Daemon 0.0.4
rblsd is a small, fast, SpamAssassin-compatible spam filter. It filters mail by performing a series of RBL lookups on each message. This results in fast, accurate, low-load spam filtration. It can be used as a standalone replacement for SpamAssassin, or as a secondary filter to increase mail throughput.
As for the folks here in collegeland, we're getting to that point in the semester when we discover it's the fifth week already, and midterms are coming up, and all of a sudden, we've got tests. I have nearly completed a major improvement to the internal loop (the backbone of the server), but don't use it right now, because clients won't time out (you should note that the development version in cvs is rarely usable for real mail, and sometimes it won't even run normally). Here are features that I'm planning for the fifth release:
- Compatibility with firedns. To me, rblsd and firedns seem meant for each other. This is optional, of course, just be sure your OS has copy-on-write :-).
- Multiple-user configurations, with flexible passwd files.
- A "lite" version, that processes a single piece of mail from input. rblsd was designed for a high volume of mail, and is indeed optimized for this, but I could create a light-weight mail filter that uses the rich ruleset of rblsd for a less hardcore user.
- The ability to record marked spam (in its unprocessed form) for any reason you may need a collection of spam mails (to train a smart filter perhaps? Vipul's Razor?)
- Of course, a few new knobs to turn, in order to best reduce spam, based on your particular mail flow patterns.
- And of course, performance improvements.
Hopefully this will get done by November. It is possible I may have to put this off till winter break, in which case, late December, at the latest. I'll try to give occasional progress reports, so check the site back if you're interested. Meanwhile, I'm going to drift back into college life and prioritize my obligations there. Have fun out there in the real world!
Enhancements:
- Countless internal changes, clean-ups, and minor bugfixes made.
- Fixed support for new resolver libraries (BIND-9).
- spamc2 rebuilt from the ground up (built from SpamAssassin's spamc).
- Cleaned up the appearance of the filtered messages.
- Improved hash table performance (faster responses).
- Documentation rewritten.
- Configuration file added (see rblsd.conf).
- Custom rules based on header IP addresses added.
- Support for blacklists and whitelists via SpamAssassin configuration file added.
- Network access rules added.
Download (0.15MB)
Added: 2006-07-10 License: GPL (GNU General Public License) Price:
1202 downloads
Basic Ipchains Firewall Rule Script 0.1.0 Beta
Basic Ipchains Firewall Rule Script is an iptables firewall script.
WARNING THIS SCRIPT HAS NOT BEEN TESTED YET! USE AT YOUR OWN RISK.
TIPS:
- To test your ruleset without actually changing the firewall, you can change the IPTABLES variable below to "echo" and run the script. This will print a copy of the ruleset commands to stdout (screen).
- To tidy it up even more, you could try this when you run the script with the "echo" setting:
/etc/rc.d/rc.firewall | grep '^-' | sed 's/^-/ipchains -/'
- Or to create a prebuilt ruleset with your variables already set:
/etc/rc.d/rc.firewall | grep '^-' | sed 's/^-/ipchains -/' > newfile
Of course you will have to rerun this and create a new script whenever you change the variables in this script.
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
982 downloads
levy 1.22
levy is a Perl script which generates basic iptables rulesets based on a given external interface and a set of ports to open. Its design is to save folks some time in creating a skeleton ruleset to work from, though it can construct a fully functional firewall with NAT support.
levy has several run-time options to control what sorts of rulesets to generate: see levy.pl -h for a full list.
Here are some examples for usage:
I want a basic firewall which allows in ports 22, 80, 113 (matching their protocols), logs all dropped connections, aggressively defines reserved addresses, and provides NAT for 192.168.0.0/16. My interface to the internet is eth0 --
./levy.pl eth0 22 80 113 -l -r -m -n 192.168.0.0/16 > firewall.rules
After testing this ruleset, I decide it's fine, though I want to open https (443) and set the output as a shell script I can just run:
./levy.pl eth0 22 80 113 443 -e -l -r -m -n 192.168.0.0/16 > firewall.rc
Main features:
- Levy supports creating a restrictive firewall with specific public services, defined subnets for NAT, and defined trusted networks.
Download (0.009MB)
Added: 2006-07-08 License: Artistic License Price:
1203 downloads
Remo 0.2.0
Remo is a Rule Editor for ModSecurity.
Main features:
- Ruby on Rails application using Ajax
- Enter HTTP requests, display them, edit them, delete them, rearrange them
- Edit the HTTP headers of the requests
- Generate a positive ModSecurity 2 ruleset
ModSecurity is not a simple toy. It is quite tricky to configure successfully. Many web applications are not very simple either. Bringing them together by writing a ModSecurity ruleset is very difficult. Modsecurity.org advertises a tested core ruleset granting you protection from most known attacks. But this is only a blacklist approach: All known dangerous traffic is filtered out.
A network firewall uses a whitelist approach, also called the positive security model: everything outside of a short and strict ruleset is dropped. An application firewall should do exactly the same. (See Ivan Ristic's thoughts on positive security. Ivan Ristic is the man behind ModSecurity.)
But this comes with a catch: Your application does not come with a short and strict ruleset and writing one will be tough. This is the point where remo will come into play. It is meant as a graphical editor for this ruleset, thus helping you to generate a whitelist of valid requests to your application. Ideally you will be able to bundle this ruleset with every release of your online application. We are not there yet. Far from it to be honest. But the development has started and you are welcome to join in.
Enhancements:
- This first beta release brings the ability to import ModSecurity audit-logs and match them against the ruleset in the edit-area of Remo.
- This lets you check if the ruleset which you are developing will work with your online application in practice.
Download (1.6MB)
Added: 2007-06-06 License: GPL (GNU General Public License) Price:
872 downloads
ipfmeta 1.3
ipfmeta is used to simplify the maintenance of an IPfilter ruleset. It does this through the use of objects. A matching object gets replaced by its values at runtime. ipfmeta is specifically geared towards IPfilter. It is line oriented: if an object has multiple values, the line with the object is duplicated and substituted for each value. It is also recursive: an object may have another object as a value.
ipfmeta is a program written in Perl.
Download (0.004MB)
Added: 2006-07-06 License: BSD License Price:
1205 downloads
fwsnort 1.0
fwsnort translates snort rules into an equivalent iptables ruleset.
fwsnort parses the rules files included in the snort intrusion detection system and builds an equivalent iptables ruleset for as many rules as possible.
fwsnort accepts command line arguments to restrict processing to any particular class of snort rules such as "ddos", "backdoor", or "web-attacks". Processing can even be restricted to a specific snort rule as identified by its "snort id" or "sid".
fwsnort utilizes the iptables string match module (together with a custom patch that adds a --hex-string option to the iptables user space code) to detect application level signatures.
fwsnort (optionally) makes use of the IPTables::Parse module (to be submitted to CPAN) to translate snort rules for which matching traffic could potentially be passed through the existing iptables ruleset.
Main features:
- Detection for tcp syn, fin, null, and xmas scans as well as udp scans.
- Detection of many signature rules from the snort intrusion detection system.
- Forensics mode iptables logfile analysis (useful as a forensics tool for extracting scan information from old iptables logfiles).
- Passive operating system fingerprinting via tcp syn packets. Two different fingerprinting strategies are supported: a re-implementation of p0f that strictly uses iptables log messages (requires the --log-tcp-options command line switch), and a TOS-based strategy.
- Email alerts that contain tcp/udp/icmp scan characteristics, reverse dns and whois information, snort rule matches, remote OS guess information, and more.
- Content-based alerts for buffer overflow attacks, suspicious application commands, and other suspect traffic through the use of the iptables string match extension and fwsnort.
- Icmp type and code header field validation.
- Configurable scan thresholds and danger level assignments.
- Iptables ruleset parsing to verify "default drop" policy stance.
- IP/network danger level auto-assignment (can be used to ignore or automatically escalate danger levels for certain networks).
- DShield alerts.
- Auto-blocking of scanning IP addresses via iptables and/or tcpwrappers based on scan danger level. (This is NOT enabled by default.)
- Status mode that displays a summary of current scan information with associated packet counts, iptables chains, and danger levels.
Enhancements:
- This is a major update to add the ability to send packets that match content or uricontent criteria to userspace via the iptables QUEUE or NFQUEUE targets.
- This can be used to speed up snort_inline IPS.
- A fwsnort mailing list was added.
- A bug was fixed to remove any existing jump rules from the built-in INPUT, OUTPUT, and FORWARD chains before creating new jump rules.
- This allows the fwsnort.sh script to be executed multiple times without creating a new jump rule in the fwsnort chains for each execution.
Download (0.28MB)
Added: 2007-04-22 License: GPL (GNU General Public License) Price:
915 downloads
Firewall Monitor 1.1.0
Firewall Monitor allows you to monitor ipchains/iptables output in realtime. It supports both logging to a file/stdout and/or to tcpdump format capture logs. It also supports security features such as running non-root, and chrooting itself.
Fwmon can easily be integrated into an existing ipchains ruleset. As an example, fwmon can be easily integrated into the excellently commented TrinityOS ruleset available from http://www.ecst.csuchico.edu/~dranch/LINUX. The enhanced logging may be selectively added to specific existing rules by adding a new user-defined rule to the default ACCEPT, REJECT and DENY rules. This program has been known in the past as "Firestorm Firewall Monitor"; however, it shares nothing with firestorm.
If you wish to retain current ipchains logging features which RedHat and TurboLinux among other distributions make to /var/log/messages and add the additional features of fwmon, keep the -l option (or the $LOGGING equivalent used in TrinityOS) for those rules of interest. Fwmon data will be placed in a separate file (user-configurable) via a new target of those rules for which the capability is desired. Note that this new rule will not contain the -l (or $LOGGING) flag so packets trapped by a primary rule are not logged twice by ipchains. Additionally, by retaining the ipchains logging in primary rules, the rule number that caused the logging is contained in the ipchains log entries, and not the rule number of the new chain.
As a guide for adding this new chain, the TrinityOS rule set begins with setting of various parameters used with firewalls (flag settings in the /proc directory, loading of modules, etc.), then rules are grouped in INPUT, OUTPUT and FORWARD sections. Since this new rule will be a target of other rules, it must be placed BEFORE the first rule which references it to avoid errors the first time the ruleset is loaded. We suggest that a new section defining the rule be placed just before the INPUT rules section and consist of:
Enhancements:
- Fixed logrotate problems with libpcap files. There is still a race condition but under normal circumstances you shouldn't encounter it; I'll think about fixing it all the same.
Download (0.027MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1204 downloads
DShaper 0.2.1
DShaper is a variable bandwidth traffic shaper.
DShaper is a variable bandwidth traffic shaper that can be configured to adjust the size of a DUMMYNET pipe, depending on traffic volume flowing through the pipe.
TODO:
- Add feature: autonegote
Feature will give ability to adjust dshaper ruleset based on actual pipe usage. This is a discipline function.
- Add feature: snmpstat
Feature will enable dshaper statistics to be exported via snmpd.
Useful for monitoring pipe traffic via an snmp application such as cacti or mrtg.
NOTE: Unless requested, these features and additional features will NOT be actively worked on.
Currently I'm reviewing my license options, and should have source code available shortly. I am leaning toward the BSD license. Please read the license file for the current binary release.
Enhancements:
- Restructured code
- Cleaned code
- minbw, maxbw, burst, pointpercent, minempty supported
- Tested on FreeBSD 4.11
Download (0.019MB)
Added: 2006-01-13 License: Other/Proprietary License Price:
1381 downloads
Brawl Ball 0.1
Brawl Ball project is a game of football based on the Blood Bowl ruleset.
Brawl Ball is a game of football based on the rules of the fantasy football game, Blood Bowl. It supports the full "basic" Blood Bowl ruleset.
Main features:
- Five basic player skills: block, catch, dodge, pass, & sure hands
- Team rerolls & player rerolls
- Team customization and/or creation using an xml format file and custom images
- Preferences for a strict adherence to the rules, or a more loosely played game
- Supports multiple languages (see internationalization)
Download (1.9MB)
Added: 2006-11-27 License: GPL (GNU General Public License) Price:
1067 downloads
NetMate 0.9.4
NetMate is a flexible and extensible network measurement tool (meter).
NetMate comes from Network Measurement and Accounting System and is a flexible and extensible network measurement tool (meter).
It can be used for accounting, delay/loss measurement, packet capturing and much more. The main advantage over other existing tools is that it can be easily extended due to its modular (class-based) structure and dynamic loadable packet processing and information export modules.
A GUI for controlling multiple meters and displaying measurement results is currently under development.
NMRSH is the NetMate Remote Shell, which allows remote control of NetMate meters.
Main features:
- Flexibility and Extensibility
- Runtime loadable metric and export modules
- Modular architecture (C++ classes)
- Extensible Ruleset Format (XML-based)
- Portable Implementation
- GNU autotools
- OS tested: Linux (SuSE, Debian, Redhat), FreeBSD, Solaris
- Open Source (GPL)
- Configurable Multithreading
- IPv4 and IPv6 Support
- Multiple Classification Algorithms
- Automatic flow generation based on arbitrary packet attribute combinations
- Packet Sampling Support
- Secure Control Interface
- SSL Encryption
- Host-based Authentication (DNS, IP address)
- User-based Authentication (HTTP)
- Packet capturing using libpcap
- Support simultaneous measurement on multiple interfaces
- Currently only Ethernet, IPv4/IPv6, ICMP, TCP, UDP, data layer support
- Extensible to everything libpcap can capture
- Metric Modules
- Counter, bandwidth, jitter, port usage, packet length, RTP packet loss, packet ID generation (crc32 and md5), capture (tcpdump file), RTT (ICMP echo), text output (similar to tcpdump output), DNS latency, HTTP performance, TCP connection setup latency
- Export Modules
- Text file, binary file, SQL (under development), IPFIX (under development)
- Remote Control via Shell Tool or Standard Web Browser
- Interactive or batch processing of meter commands
Enhancements:
- Minor changes and bugfixes were made.
Download (0.77MB)
Added: 2006-07-06 License: GPL (GNU General Public License) Price:
1286 downloads
Saint Jude 0.23
Saint Jude is a project to develop kernel-level IDS mechanisms to protect the integrity of host systems.
This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring.
This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
Saint Jude exists in the Linux universe as a kernel module. The module should be loaded as soon as possible. The easiest way for this to be done is to cause init to load the module before going through the rc scripts. This permits StJude to monitor daemon processes that may be started through the rc scripts, as well as the behavior of the rc scripts themselves.
The use of Saint Jude will involve compiling the module in two modes: learning mode and normal mode. Learning mode generates a series of log entries via klogd that will be used to produce a ruleset appropriate for the host system. After the ruleset has been generated, it will replace the default ruleset shipped with StJude, and the module will be compiled in normal mode, where it will enforce the behavior that was modeled during the learning mode.
We will cover how to do the various tasks involved in the following sections.
Download (0.069MB)
Added: 2007-07-31 License: BSD License Price:
817 downloads
netscript 1.7.1
netscript is a multi-platform, lightweight and portable TCP/UDP socket scripting system.
It is intended to automate situations, built on a word-to-word ruleset response system.
It includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support, reverse binding, module support, data truncation, data formatting, permission options, virtual hosting support, history storage, dynamic storage variables, directory placement, character omitting, timed rules, background support, syslog support, routing support, socket options, interactive mode, and graphical user interface support.
Enhancements:
- Added -@, to switch netscript to the UDP protocol.
- Added -^, to switch the route host to the UDP protocol.
- Added -_, to switch the console display to ncurses.
- Added -=, to define alternate button tabs for the (ncurses) gui.
- Added new example rulesets. (udp/ncurses demonstration rulesets)
- Added socket option(s) to be forced to run, even if not defined, to have netscript run smoother.
- Changed the nsansi example module, to support ncurses properly. (will not be active if ncurses is)
- Changed --list, to not evaluate while in privileged mode.
- Fixed some minor bugs, barely worth noting.
Download (0.46MB)
Added: 2006-09-05 License: Public Domain Price:
1145 downloads