OpenBSD Journal

TrojanProof for 3.2

Contributed by jose on from the hardened dept.

The guys at TrojanProof have released their modifications for 3.2-release. While available for free, for a small fee support can be purchased . Packages for 3.2 are available ( PGP signed of course) for download now.

TrojanProof offers enhanced security through a variety of mechanisms. Note that you can couple this to systrace for extra security.

TrojanProof is not an official OpenBSD project and modifies the system to a state where it is no longer supported by the official project. Also note that these are experimenal changes and should be tested on development boxes before deployment on production servers.

(Comments are closed)


Comments
  1. By Anonymous Coward () on

    I wish there were a version of the OpenBSD kernel that could be compiled with a PGP key, and then it can _only_ execute binaries that have been signed with that key. That would be a big step forward in trojan-proofing the system.

    Of course that would require an implementation of OpenPGP which could be linked in the kernel, and nothing like that exists yet, so it would not be so easy to do.

  2. By RC () on

    Would someone fill me in on why this a so great?

    Check the sigs of everything you download. Mount your important folders (/bin:/sbin:/usr) read-only OR use chflags to set each of the programs as immutable.

  3. By Anonymous Coward () on

    I would rather have an official openbsd maintained faq on how to lockdown your server that is relevant to the current release. yeah the articles at geodsoft are useful, but it was written sometime around what? release 3.0 or something? how do i know everything there still applies to recent versions? how do i know there weren't a few things added since 3.0 that weren't discussed in the article?

    i know an admin has to do his homework and noone is gonna hold my hand, but a starting point might be nice. (after all thats what the offical faqs are... a starting point to get you on the road to understanding the system better.)

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]