Privilege escalation detection system for GNU/Linux
Ninja is a privilege escalation detection and prevention
system for GNU/Linux hosts. While running, it will monitor
process activity on the local host, and keep track of all
processes running as root. If a process is spawned with
UID or GID zero (root), ninja will log necessary information
about this process, and optionally kill the process
if it was spawned by an unauthorized user.
A "magic" group can be specified, allowing members of this
group to run any setuid/setgid root executable.
Individual executables can be whitelisted. Ninja uses a
fine-grained whitelist that lets you whitelist executables
on a group and/or user basis. This can be used to allow
specific groups or individual users access to setuid/setgid
root programs, such as su(1) and passwd(1).
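
The decision logic described above, sketched as an added example that is not Ninja's own code or configuration format. The record fields, the Policy layout, the group name "wheel" and the rule that processes spawned by root are always authorized are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    exe: str               # path of the executable
    uid: int               # UID the process runs as
    gid: int               # GID the process runs as
    spawner: str           # user who spawned it
    spawner_groups: frozenset = frozenset()

@dataclass(frozen=True)
class Policy:
    magic_group: str       # members may run any setuid/setgid root executable
    whitelist: dict        # exe -> (allowed users, allowed groups); hypothetical layout
    kill_unauthorized: bool = True   # killing is optional; logging always happens

def evaluate(proc, policy):
    """Return (action, reason); action is 'ignore', 'log' or 'kill'."""
    if proc.uid != 0 and proc.gid != 0:
        return ("ignore", "not running with UID or GID zero")
    if proc.spawner == "root":          # assumption: root itself is always authorized
        return ("log", "spawned by root")
    if policy.magic_group in proc.spawner_groups:
        return ("log", "spawner is in the magic group")
    users, groups = policy.whitelist.get(proc.exe, (frozenset(), frozenset()))
    if proc.spawner in users or proc.spawner_groups & groups:
        return ("log", "executable whitelisted for this user or group")
    action = "kill" if policy.kill_unauthorized else "log"
    return (action, "unauthorized root process")

# Constructed sample data, not taken from a real host.
POLICY = Policy(
    magic_group="wheel",
    whitelist={
        "/bin/su": (frozenset(), frozenset({"admins"})),
        "/usr/bin/passwd": (frozenset({"alice"}), frozenset({"users"})),
    },
)
SAMPLES = [
    Proc(100, "/usr/bin/vim", 1000, 1000, "alice", frozenset({"users"})),
    Proc(101, "/usr/bin/passwd", 0, 1000, "alice", frozenset({"users"})),
    Proc(102, "/bin/su", 0, 0, "bob", frozenset({"users"})),
    Proc(103, "/bin/sh", 0, 0, "carol", frozenset({"wheel"})),
    Proc(104, "/tmp/x", 1001, 0, "bob", frozenset({"users"})),
]

def run_samples():
    return {p.pid: evaluate(p, POLICY)[0] for p in SAMPLES}
```

Process 104 shows why the GID is checked as well as the UID: it runs as an ordinary user but with group zero, so it is still treated as a root process.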
Attachment | Size | Date |
---|---|---|
ninja_0.1.3-2_armel.deb | 19.79 KB | 05/08/2013 - 02:02 |
ninja (0.1.3-2) unstable; urgency=low
* Fixed logrotate file typo. (Closes: #563328).
* Added a default logcheck ignore file. (Closes: #563329).
* Fixed incorrect init script dependencies. (Closes: #567443).
* Changed and fixed initscript. (Closes: #563989).
* Added a preinst script to create a logfile. (Closes: #568780).