Debian repository is available at deb http://www.northernsecurity.net/debian ./
OpenBSD packages and systrace policies are available here.
Information how to verify the kernel patches below is available here.
Note that hese files are unstable unless otherwise noted.
ELE
Bootable Live CD Linux distribution. Have a look here.
Chroot scripts
Only tested on Debian/Ubuntu. Install the application with aptitude or apt-get, run the script and copy the init-file to /etc/init.d/application.
All scripts have been updated to chroot to /var/chroot/application as of 050527. Change your log links accordingly.
Link /var/log/application to /var/chroot/application/var/log/application and verify that the server runs in chroot.
distccd-chroot
distccd-chroot.init
irssi-chroot
privoxy-chroot
privoxy-chroot.init
tor-chroot
tor-chroot.init
Cryptoloop
patch-cryptoloop-jari-2.4.27.0.
SHA1: 373bc8663d0ba117ad2d86c3635df08b1c5eec16
SSP/ProPolice kernel patches
Stand-alone patchs if you want to build the kernel with IBM stack smashing protection.
2.6.0-propolice.patch
SHA1: e18087d57cfbc9cec728b9948717ff6829ceb77d
2.4.26-propolice.patch
SHA1: 5801637058e4499b06bb24bf84344e9438328821
2.4.20-propolice.patch
SHA1: 65b59e62baf8e026be27ad9a9c74bb0e34226bfc
Netdev-random
"This patch lets the user configure whether interrupt timings from network devices contribute to the
kernel entropy pool (/dev/random)."
These patches are also available from kernel.org.
netdev-random-core-2.4.27.patch
SHA1: 366582667731413d5e56fd375908abc92b309354
netdev-random-drivers-2.4.27.patch
SHA1: 29043777b06e42ccd354f5bf811cba251717a6db
netdev-random-core-2.4.24.patch
SHA1: 1d2c90fdae0065b72046fdd0fb8eb4fd4d11ab9b
netdev-random-drivers-2.4.24.patch
SHA1: 3f033aec03edb1057e5d7c6953b2cfd5a222afa2
Increased number of loop-devices
Increases the number of loop-devices from the standard 8 to 24.
increased_loopdev.patch
SHA1: 58f25e740e5e9d220c359e10b68fba351b744b42
Increased size of entropy pools
increased_randompool.patch
SHA1: a85ceda182d118516a03a8389a9d866aa585c725
Vanheusden.com kernel patch
"This patch includes code for the following things: random PID, random port-numbers for IPv4, NAT, IPv6 and
enhanced random-values for networking." This is a forward port of the
vanheusden.com Linux-kernel security patch.
2.4.27-vanheusden.patch
SHA1: 7e2f50e1906015efba3373b5e68ed457c2155286
2.4.26-vanheusden.patch
SHA1: 2cf32721f9f0a2e9018d4d80c0d7e4eb7dc40cb0
Minor diffs
pam-0.72-2.diff
shadow_20000902-12.2.diff
Encswap
Package with scripts and instructions on how to create encrypted swap and /tmp.
Updated 040427.
Encswap
SHA1: 26d95db4af7e176ac336ba24536288882665091b
Security CD 11 (December 2003)
The Swedish Linux Society published a CD containing GNU/Linux security related documentation and programs which I was responsible for.
This CD is however not available any longer, but an online version is at vvv.snugg.net/security/.
Wiper 0.4
Wiper is a simple utility to overwrite the free space of a hdd.
It currently supports one, six, seven and 35 (Gutmann) layers.
Wiper 0.4
SHA1: 9bdee055ea56bd02fc8590018fde7fd891fa3206