Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Mar 2013 17:51:19 -0400
From: Corey Bryant <coreyb@...ux.vnet.ibm.com>
To: Tim Brown <tmb@...35.com>
CC: oss-security@...ts.openwall.com
Subject: Re: Re: [kernel-hardening] Security vulnerability
 tools



On 03/27/2013 03:58 PM, Tim Brown wrote:
> On Wednesday 27 Mar 2013 19:54:04 Corey Bryant wrote:
>> Hi,
>>
>> I'd like to get a better understanding of tools used in the open source
>> community (kernel and user space) to detect security vulnerabilities.
>>
>> I have a list below to get started.  If anyone has any input, I'd
>> appreciate it!
>>
>> I'll plan on updating http://oss-security.openwall.org/wiki/tools with
>> anything it doesn't already have.
>>
>
> Hey Corey,
>
> One you might want to add is unix-privesc-check from myself, @inquisb and
> @pentestmonkey.  There are two versions in existence:
>
> 1.x - @pentestmonkey's quick and dirty with some hacks by me
> trunk - a full blown privesc check framework designed by me with contributions
> from the other two, it has multiple modes of operation, a standard library
> which can be leveraged for new checks and (already) enhanced capabilities.
> Its not perfect yet, I still need to clean it up and port it to the commercial
> UNIX platforms we support but it should give a good idea of where we're going
>
> Once I've stabilised the API of trunk, it will become 2.x and we'll open it up
> formerly for contributions.
>
> It's on Google Code if people want to take a look:
>
> * http://code.google.com/p/unix-privesc-check
>
> Tim
>

Thanks Tim.  Sounds nice.  This is the first security audit tool on the 
list so if we could add more in this category that would be nice.

-- 
Regards,
Corey Bryant

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ