TrojanProof for 3.2

Contributed by jose on 2002-12-18 from the hardened dept.

The guys at TrojanProof have released their modifications for 3.2-release. While available for free, for a small fee support can be purchased . Packages for 3.2 are available ( PGP signed of course) for download now.

TrojanProof offers enhanced security through a variety of mechanisms. Note that you can couple this to systrace for extra security.

TrojanProof is not an official OpenBSD project and modifies the system to a state where it is no longer supported by the official project. Also note that these are experimenal changes and should be tested on development boxes before deployment on production servers.

(Comments are closed)

Comments

By Anonymous Coward () on 2002-12-18 02:00

I wish there were a version of the OpenBSD kernel that could be compiled with a PGP key, and then it can _only_ execute binaries that have been signed with that key. That would be a big step forward in trojan-proofing the system.
Of course that would require an implementation of OpenPGP which could be linked in the kernel, and nothing like that exists yet, so it would not be so easy to do.
By RC () on 2002-12-18 03:31

Would someone fill me in on why this a so great?

Check the sigs of everything you download. Mount your important folders (/bin:/sbin:/usr) read-only OR use chflags to set each of the programs as immutable.
By Anonymous Coward () on 2002-12-18 17:23

I would rather have an official openbsd maintained faq on how to lockdown your server that is relevant to the current release. yeah the articles at geodsoft are useful, but it was written sometime around what? release 3.0 or something? how do i know everything there still applies to recent versions? how do i know there weren't a few things added since 3.0 that weren't discussed in the article?

i know an admin has to do his homework and noone is gonna hold my hand, but a starting point might be nice. (after all thats what the offical faqs are... a starting point to get you on the road to understanding the system better.)

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (9)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]