AntiExploit 1.3b6 review
DownloadAntiExploit is the first ON-ACCESS exploit-scanner for Linux and FreeBSD. Aexpl can help you to identify local intruders or users
|
|
AntiExploit is the first ON-ACCESS exploit-scanner for Linux and FreeBSD.
Aexpl can help you to identify local intruders or users who want to harm your or other systems with well known tools.
Aexpl uses the dazuko kernel-module and md5 hashes (signatures are planed) to identify bad files when they are created or used by listenning to the kernel file systemcalls. So you can immediately interact with the file and fileowner.
AntiExploit has been successfully tested with the following configurations:
- FreeBSD 4.10-RC2
- FreeBSD 5.2.1-REL
- Linux 2.6.6 (Debian Woody)
- Linux 2.4.25 (Debian Sarge)
- Linux 2.4.22 (Slackware 9.1)
Install
1: Download the latest version of AntiExploit
2: Extract the tarball
3: Build and install dazuko (read the README for further instructions)
4: ./configure [options]
5: make
6: Edit etc/aexpl.conf to fit your needs
7: make install (use GNU make on FreeBSD)
8: Update your exploit-database (aexpl -u "path to aexpl.conf")
9: Start Aexpl with aexpl -c "path to aexpl.conf" and check the log file
AntiExploit 1.3b6 keywords