Stephanie for OpenBSD 3.6

Stephanie is an OpenBSD hardening package; Viagra for the blowfish, if you will. It adds several security features not present in OpenBSD that many admins and users would like on their systems. Stephanie contains features both for compromise prevention and for post-compromise damage reduction, that is, a last line of defense.

Stephanie for OpenBSD 3.6 has the following features:

  • Trusted users. Stephanie allows you to dynamically set a group as the 'currently trusted group.' This means you can maintain trust simply by adding or removing users from a group.
  • Vexec. Integrity verification of executed programs, memory mapped objects, and opened files. Completely revamped from earlier versions, now using hash tables. Supports MD5, SHA1, SHA256, SHA384, SHA512, and RMD160.
  • TPE: Trusted Path Execution. Prevents execution of files located in paths defined as 'untrusted' (paths that are not both owned by root and writable by root only).
  • Process privacy. Prevent processes from obtaining information about other processes, where the owner differs. (affects output of programs using sysctl's KERN_PROC) Also plugs into procfs.
  • Userland privacy. Plugs to various programs, preventing users from obtaining information such as online users, login/logout times, filtered netstat output...
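
The TPE rule from the list above, as an added example (a userland sketch, not Stephanie's kernel code). The function names are hypothetical, and two things are assumptions: only the directory holding the file is checked, and members of the trusted group are exempt.

```c
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* A directory is trusted only if root owns it and only its owner can write to it. */
int tpe_dir_trusted(uid_t owner, mode_t mode)
{
    if (owner != 0)
        return 0;                       /* not owned by root */
    if (mode & (S_IWGRP | S_IWOTH))
        return 0;                       /* group- or world-writable, e.g. /tmp */
    return 1;
}

/* Assumption: a caller in the currently trusted group bypasses the path check. */
int tpe_allow_exec(int in_trusted_group, uid_t dir_owner, mode_t dir_mode)
{
    return in_trusted_group || tpe_dir_trusted(dir_owner, dir_mode);
}

/* Check the directory that holds `path`: 1 = allow, 0 = deny, -1 = cannot decide.
 * A caller enforcing TPE should treat -1 as a denial. */
int tpe_check_path(const char *path, int in_trusted_group)
{
    char buf[4096];
    struct stat st;
    size_t len = strlen(path);

    if (len >= sizeof(buf))
        return -1;
    memcpy(buf, path, len + 1);         /* dirname() may modify its argument */
    if (stat(dirname(buf), &st) != 0)
        return -1;
    return tpe_allow_exec(in_trusted_group, st.st_uid, st.st_mode);
}

int main(int argc, char **argv)
{
    /* Print the decision for each path given on the command line. */
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], tpe_check_path(argv[i], 0));
    return 0;
}
```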

Read Stephanie related news. (last update: April 26, 2005 - END OF THE STEPHANIE PROJECT)

Support & bugs:
A tremendous effort went into making the code efficient and secure. If you get crashes, panics, hangs, or anything else that you think you shouldn't, after making sure it's only reproducible on GENERIC kernels patched with Stephanie, mail me. Don't mail OpenBSD related mailing lists -- they have enough bugs to deal with as it is. ;)

Performance issues:
A while ago I read that Stephanie hurts the performance of computers running it. Here's my breakdown of the components Stephanie is composed of, and what you can expect from each.

If the 'performance hit' Stephanie introduces (heh) is something you can't afford to take, I'd like to hear about it.

Documentation:
Stephanie for OpenBSD 3.6 has a detailed installation guide as well as a script for automating (most of the) installation on freshly-installed OpenBSD 3.6 machines.

Online documents are available: README, INSTALL, stephanie(7), vexecctl(8), vexec.conf(5), vexec(4).

License:
Stephanie is distributed under an ISC-style license.

Download:
Stephanie-3.6.tar.gz is the latest version, including everything you need to get started.

Credits:
Stephanie for OpenBSD 3.6 was written by Elad Efrat.
Thanks to PaX Team, Eli Klein, Rod Cordova, super, Morr, Freerange.

"And here I was thinking that Stephanie was a hot chick... And then I get some freak-ass looking water maggot."