About the Book
Please note that the content of this book primarily consists of articles available from Wikipedia or other free sources online. Pages: 56. Chapters: Linux security software, GNU Privacy Guard, Security-Enhanced Linux, PaX, TrueCrypt, AVG, BitDefender, Avast!, Iptables, BoKS, Syslog-ng, Grsecurity, AppArmor, Nagios, Nessus, BeyondTrust, EnGarde Secure Linux, Fail2ban, P0f, Pentoo, Linux-VServer, Ksplice, Distributed Access Control System, OSSEC, Symantec Endpoint Protection, Network Security Toolkit, SafeSquid, Exec Shield, Snort, RSBAC, Tiger, DansGuardian, Systrace, TOMOYO Linux, Crack, Nftables, Authbind, Snare, TextCrypt, Srm, Cryptmount, Portmap, OSSIM, Md5sum, Shred, Ipchains, Suricata, TCP Gender Changer, Multi categories security, The Sleuth Kit, Simplified Mandatory Access Control Kernel, X-Wrt, Prelude Hybrid IDS, SuEXEC, Ntop, Xymon, Selective file dumper, Thresh, Firestarter, Open Source Tripwire, Advanced Intrusion Detection Environment, Chkrootkit, Linux Unified Key Setup, Xinetd, The Coroner's Toolkit, OPIE Authentication System, Rkhunter, Sha1sum, Bro, Lynis, Linux Intrusion Detection System, Sguil, Damn Vulnerable Linux, Libipq, FLASK, OssimPlanet, Samhain, Lorcon, Arpwatch, NetTop, Crypto API, LinuxShield. Excerpt: PaX is a patch for the Linux kernel that implements least privilege protections for memory pages. The least-privilege approach allows computer programs to do only what they have to do in order to be able to execute properly, and nothing more. PaX was first released in 2000. PaX flags data memory as non-executable, program memory as non-writable and randomly arranges the program memory. This effectively prevents many security exploits, such as some kinds of buffer overflows. The former prevents direct code execution absolutely, while the latter makes so-called return-to-libc (ret2libc) attacks difficult to exploit, relying on luck to succeed, but doesn't prevent variables and pointers overwriting. PaX is maintained by The PaX Team, who...
