Stephanie for OpenBSD 3.6
-------------------------

Introduction
------------

Stephanie is an OpenBSD hardening tool. It consists of kernel and userland
patches that add several security features. This version includes:

- Vexec: Verify file integrity before executing/opening it.
- TPE: Prevent untrusted users executing files in untrusted locations.
- Privacy: Privacy extensions for various programs.

What's new?
-----------

- Vexec: Mostly rewritten. Now uses hash tables to store data, giving O(1)
  lookups in the best case and O(n) in the worst case, where 'n' is the
  number of inodes that produce the same hash on a given device.
  Noting the recent collision discovery in SHA-0, it's worth mentioning
  that Vexec offers 6 hash types (MD5, SHA1, SHA256, SHA384, SHA512, and
  RMD160 - all hash types supported by the OpenBSD 3.6 kernel) and its
  design allows easy extensions for adding new hash types, if required.
  (read NEW_HASH)

- Privacy: More privacy features. Namely, there are hooks in netstat, w,
  who, last, and finger. The output is filtered according to the features'
  status.

- The trustcheck(2) syscall has been removed; interaction with Stephanie's
  settings - including the trust status of the current process - is now
  done solely using sysctl.

License
-------

Stephanie for OpenBSD 3.6 is mostly a rewrite. BSD-licensed code from
NetBSD and Brett Lymn is no longer in use, so Stephanie moves to an
ISC-style license, available at
http://ethernet.org/~brian/Stephanie/doc/LICENSE

Download
--------

Stephanie for OpenBSD 3.6 can be downloaded from its official homepage at
http://ethernet.org/~brian/Stephanie/

Support
-------

Please mail me with any questions, comments, bugs, and feedback in general.
Remember - DO NOT MAIL OPENBSD MAILING LISTS WITH QUESTIONS ABOUT STEPHANIE!
unless you really want to. Anyway, CC me if you do.

Make sure you've read stephanie(7) after installation is complete.

Credits
-------

Stephanie for OpenBSD 3.6 was written and is maintained by br1an.
Send your feedback to .

Thanks to Eli Klein, Rod Cordova, and super.