Antiexploit-1.3 Beta3

#1 [nmn]

Posted 20 September 2004 - 11:53 AM

AntiExploit is the first ON-ACCESS exploit-scanner for Linux and FreeBSD. Aexpl can help you to identify local intruders or users who want to harm your or other systems with well-known tools.

aexpl uses the dazuko kernel module and md5sums (signatures are planned) to identify bad files when they are created or used by listening to the kernel file system calls. So you can immediately interact with the file and file owner.

AntiExploit was successfully tested under FreeBSD 4.10-RC2, FreeBSD 5.2.1-REL, Debian Woody with Kernel 2.6.6 and Debian Testing with Kernel 2.4.25, SlackWare 9.1 with kernel 2.4.22.


AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by ClamAV, Amavis, and other virus scanners.


Install

1: Download the latest version of AntiExploit
2: Extract the tarball
2: Build and install dazuko (read the readme for further instructions)
3: ./configure [options]
4: make
5: Edit etc/aexpl.conf to fit your needs
5: make install
5: Update your exploit-database (aexpl -u "path to aexpl.conf")
6: Start Aexpl with aexpl -c "path to aexpl.conf" and check the log file

Update Exploit Database

The Exploit-Database is updated daily at 8pm CET and contains sums for over 1900 suspicious files; you can download it here or use the -u feature of aexpl.

- exploit.db [ 284k . / 5833 files / Thu Sep 16 19:59:05 CEST 2004 ]

Download: fxp://f*p.hzeroseven.org/pub/h07.org/projects/security/AntiExploit-1.3b3.tar.gz
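
The on-access check described in the post (hash a file when it is accessed, look the MD5 up in a database, report the file and its owner), as an added example that is not part of the original post and not AntiExploit's own code. The database format, the function names and the sample files are assumptions constructed for illustration, and the dazuko event source is stood in for by a plain list of paths.

```python
import hashlib
import os
import tempfile

# Constructed database in an assumed "<md5 hex>  <label>" format (not aexpl's own).
SAMPLE_DB = """\
# md5                             label
5eb63bbbe01eeed093cb22bb8f5acdc3  constructed-sample-tool
"""
HEX = set("0123456789abcdef")

def load_db(text):
    """Parse the assumed format into {md5_hex: label}; malformed lines are skipped."""
    db = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and len(fields[0]) == 32 and set(fields[0].lower()) <= HEX:
            db[fields[0].lower()] = fields[1].strip()
    return db

def md5_of(path, chunk=65536):
    """Stream the file so large files are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_access(path, db):
    """Handle one file-access event: return a finding dict on a match, else None."""
    try:
        owner = os.stat(path).st_uid
        digest = md5_of(path)
    except OSError:
        return None  # file removed or unreadable between the event and the scan
    if digest not in db:
        return None
    return {"path": path, "md5": digest, "label": db[digest], "owner_uid": owner}

def demo():
    """Replay three constructed access events against the constructed database."""
    db = load_db(SAMPLE_DB)
    with tempfile.TemporaryDirectory() as d:
        samples = {"tool.bin": b"hello world", "notes.txt": b"meeting at 10"}
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        events = [os.path.join(d, n) for n in ("tool.bin", "notes.txt", "gone.tmp")]
        return [check_access(p, db) for p in events]
```

Calling `demo()` returns one finding for `tool.bin` and `None` for the unlisted file and for the path that no longer exists.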