AntiExploit is the first ON-ACCESS exploit-scanner for Linux and FreeBSD. It can help you to identify local intruders or users who want to harm your or other systems with well known tools.
AntiExploit uses the dazuko kernel-module and md5 hashes (signatures are planed) to identify bad files when they are created or used by listenning to the kernel file systemcalls. So you can immediately interact with the file and fileowner.
AntiExploit has been successfully tested with the following configurations:
- FreeBSD 4.10-RC2
- FreeBSD 5.2.1-REL
- Linux 2.6.6 (Debian Woody)
- Linux 2.4.25 (Debian Sarge)
- Linux 2.4.22 (Slackware 9.1)
Install
1: Download the latest version of AntiExploit
2: Extract the tarball
3: Build and install dazuko (read the README for further instructions)
4: ./configure [options]
5: make
6: Edit etc/aexpl.conf to fit your needs
7: make install (use GNU make on FreeBSD)
8: Update your exploit-database (aexpl -u "path to aexpl.conf")
9: Start Aexpl with aexpl -c "path to aexpl.conf" and check the log file
Comments not found