samhain 2.5.2 (Default branch)


 
01-29-2009

samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.

License: GNU General Public License (GPL)

Changes:
This release provides a new option to avoid reports for timestamp changes on directories. For open ports, PID is determined now, and reporting of open ports to prelude has been improved. A bug has been fixed that could cause truncation of the reported file size upon entering into an RDBMS, and some build problems have been fixed.

nfs_portmon(5)							File Formats Manual						    nfs_portmon(5)

NAME
nfs_portmon - enable/disable the NFS server's source port verification check

VALUES
Failsafe
Default
Allowed values

DESCRIPTION
nfs_portmon controls some security checking that the NFS server can do in an attempt to enforce integrity on the part of its clients. The NFS server can check to see whether the source port from which a request was sent is a reserved port; a reserved port is a port whose port number is less than 1024. For BSD-based systems, these ports are reserved for processes being run by privileged users. This checking helps prevent users from writing their own RPC-based applications which defeat the access checking that the NFS server uses.

Who Is Expected to Change This Tunable?
The distributed file system administrator should examine the value of this parameter if he or she wishes to prevent malicious users from gaining access to files by using an NFS server they would not ordinarily be able to access.

Restrictions on Changing
The tunable is dynamic; any change will take effect immediately on the running system. The reserved port notion is not universally supported. Therefore, interoperability problems might result if this checking is enabled.

What Are the Side Effects of Enabling This Check?
Some NFS clients may not be able to connect to the NFS server.

WARNINGS
All HP-UX kernel tunable parameters are release specific. This parameter may be removed or have its meaning changed in future releases of HP-UX. Installation of optional kernel software, from HP or other vendors, may cause changes to tunable parameter values. After installation, some tunable parameters may no longer be at the default or recommended values. For information about the effects of installation on tunable values, consult the documentation for the kernel software being installed. For information about optional kernel software that was factory installed on your system, see at

AUTHOR
was developed by Sun Microsystems, Inc.

SEE ALSO
kctune(1M), sam(1M), gettune(2), settune(2).

Tunable Kernel Parameters						    nfs_portmon(5)