Articles in the Forensics category

Gentoo Hardening: Part 4: PaX, RBAC and ClamAV
Grsecurity and Xorg: If we enable the "Disable privileged I/O" feature in the hardened kernel and reboot, we can no longer start the X server, because Xorg relies on privileged I/O operations. We might receive an error like this: # startx xf86EnableIOPorts: failed to set IOPL for I/O (Operation ...
Gentoo Hardening: Part 3: Using Checksec
Checksec: The checksec.sh file is a Bash script used to check which security features (such as PaX protections) are enabled. The latest version can be downloaded with the wget command: # wget http://www.trapkit.de/tools/checksec.sh # chmod +x checksec.sh # ./checksec.sh --version checksec v1.5, Tobias Klein, www.trapkit ...
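checksec.sh derives its RELRO, stack canary, NX and PIE columns by grepping readelf output for an executable. The script below is an added example, not code from the article or from checksec itself: it reads the same ELF64 program headers and dynamic section directly, so a practitioner can see exactly which header bits each column depends on. The build_elf helper constructs synthetic little-endian ELF64 images as test input (they are not real binaries); the canary check is the same heuristic checksec uses, a search for the __stack_chk_fail symbol name.

```python
"""Added example (not from the article): reimplementation of the binary
hardening checks that checksec.sh performs by grepping `readelf` output.
Parses the ELF64 program headers and dynamic section directly."""
import struct
import sys

# ELF constants as defined in elf.h
ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_DYNAMIC = 1, 2
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def checksec(data):
    """Return the hardening properties of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    stack_flags, has_relro, dyn_off, dyn_size = None, False, None, 0
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:      # NX: stack segment must not be PF_X
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:    # partial RELRO: a read-only-after-reloc region
            has_relro = True
        elif p_type == PT_DYNAMIC:      # dynamic section holds the BIND_NOW flags
            dyn_off, dyn_size = p_offset, p_filesz

    # Full RELRO additionally needs the loader to resolve all symbols at
    # startup (DT_BIND_NOW, DF_BIND_NOW or DF_1_NOW), so the GOT can be
    # made read-only before any attacker-controlled input is processed.
    bind_now = False
    if dyn_off is not None:
        for off in range(dyn_off, dyn_off + dyn_size, 16):
            d_tag, d_val = struct.unpack_from("<qQ", data, off)
            if d_tag == DT_NULL:
                break
            if (d_tag == DT_BIND_NOW
                    or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                    or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                bind_now = True

    # A missing PT_GNU_STACK header means the kernel/loader default, which
    # on classic Linux is an executable stack, so treat it as "no NX".
    nx = stack_flags is not None and not (stack_flags & PF_X)
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return {
        "pie": e_type == ET_DYN,
        "nx": nx,
        "relro": relro,
        # checksec.sh greps the symbol table for __stack_chk_fail; a raw
        # substring search over the image is the cheap equivalent.
        "canary": b"__stack_chk_fail" in data,
    }


def build_elf(pie, nx, relro, bind_now, canary):
    """Construct a synthetic ELF64 image (constructed test input, not a real
    binary) whose headers express the requested hardening properties."""
    dyn = (struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if bind_now else b"") \
        + struct.pack("<qQ", DT_NULL, 0)
    types = [PT_LOAD, PT_DYNAMIC, PT_GNU_STACK] + ([PT_GNU_RELRO] if relro else [])
    dyn_off = 64 + 56 * len(types)          # dynamic section follows the phdr table
    phdrs = b""
    for t in types:
        flags = (6 if nx else 7) if t == PT_GNU_STACK else 6   # RW or RWX stack
        phdrs += struct.pack("<IIQQQQQQ", t, flags,
                             dyn_off if t == PT_DYNAMIC else 0, 0, 0,
                             len(dyn) if t == PT_DYNAMIC else 0, 0, 0x8)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LE, v1
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC, 62, 1,
        0, 64, 0, 0, 64, 56, len(types), 64, 0, 0)
    tail = b"__stack_chk_fail\x00" if canary else b""
    return header + phdrs + dyn + tail


if __name__ == "__main__":
    # Run against a real file when one is given; the interpreter otherwise.
    path = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    with open(path, "rb") as f:
        print(path, checksec(f.read()))
```

Run it as `python3 elfcheck.py /path/to/binary` (the file name is an assumption) and compare the dictionary against the corresponding row of `./checksec.sh --file` output; the two should agree on every column except in the rare case of a binary that references __stack_chk_fail without actually emitting canary checks.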
Gentoo Hardening: Part 2: Introduction to PaX and Grsecurity
Configuring PaX with Grsecurity: We've already briefly discussed PaX, but now it's time to describe it in detail. PaX provides the following security enhancements: Non-executable memory: Sections that do not contain actual program code are marked as non-executable to prevent jumping to an arbitrary location in memory and executing ...
Gentoo Hardening Part 1: Introduction to Hardened Profile
Introduction: In this tutorial, we'll talk about how to harden a Linux system to make it more secure. We'll specifically use Gentoo Linux, but the concepts should be fairly similar in other distributions as well. Since Gentoo Linux is a source-based distribution (not binary, as most other ...
Using Sandboxes For Hostile Program Analysis
Sandboxes Introduction: If you're reading this article, you have probably heard of a sandbox before. But, in case you haven't, I'll provide a quick explanation of what a sandbox really is. It is a technique which we can use to run a possibly malicious program in a ...
Honeypots
1. Introduction: Honeypots are special programs written for a single purpose: to be exploited. A honeypot can emulate a vulnerability, so attackers, viruses and worms are drawn to what appears to be a poorly secured system. Honeypots collect as much information as they can ...