Safe: 0.50.0
Devel: (cvs)


What is AngeL

In brief, AngeL is a Linux kernel module designed to work with kernel version 2.6.0 or later. The module uses the new Linux Security Module framework to implement security policies without performing any system call interposition. This approach leads to less intrusive code, which is more robust and easier to read. AngeL uses the rock-solid netfilter firewalling facility to control all packets leaving your host.

AngeL makes your host unable to send hostile traffic across the network. It also blocks a large number of root compromise attacks and local denial-of-service attacks by using the hooks provided by the LSM framework to perform sanity checks on the input parameters before deciding whether to allow the requested service.


Main goals

AngeL was designed with security as a goal. However, it is not AngeL's purpose to defend your host from your network neighbours. AngeL prevents your host from becoming a hostile network node, i.e., it prevents it from sending hostile packets across the network. By "hostile" we mean both malicious packets (e.g., a remote exploit attempt) and malformed packets (e.g., with an IP or TCP header that is not properly built). AngeL operates at network level, blocking all outgoing packets that match some well-known patterns. This is done by using the Linux kernel firewalling capabilities to capture packets as they go through the kernel TCP/IP stack. Outgoing packets are inspected, at header level or at payload level if needed, and a decision is made whether to let them out or not.
AngeL also operates at host level, trapping a set of system calls by means of appropriate wrappers. Such wrappers look for badly formed requests, such as passing shellcode as a parameter to a suid program, or requesting a fork() within an infinite loop. If AngeL accepts the analyzed system call invocation, it calls the original system call; otherwise it refuses the operation to the calling program.
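
An added illustration of the header-level egress decision described above, written as user-space C rather than a netfilter hook. It is not AngeL's code: the verdict names, `egress_check`, the single `local_ip` parameter and the specific tests chosen for malformed, oversize, Land and spoofed packets are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdict names are hypothetical, chosen for this example. */
enum verdict { PASS = 0, DROP_MALFORMED, DROP_SPOOFED, DROP_LAND, DROP_OVERSIZE };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Constructed sample: TCP SYN 192.0.2.10:1025 -> 198.51.100.7:80, checksums left zero. */
static const uint8_t sample_syn[40] = {
    0x45, 0, 0, 40,  0, 1, 0, 0,  64, 6, 0, 0,  192, 0, 2, 10,  198, 51, 100, 7,
    0x04, 0x01, 0, 80,  0, 0, 0, 1,  0, 0, 0, 0,  0x50, 0x02, 0xff, 0xff,  0, 0, 0, 0 };

/* Decide whether an outgoing IPv4 packet may leave the host.
 * pkt/len: raw packet starting at the IP header.
 * local_ip: this host's address, host byte order (assumes one address). */
enum verdict egress_check(const uint8_t *pkt, size_t len, uint32_t local_ip)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* header length in bytes */
    size_t tot = be16(pkt + 2);                 /* total length field */
    if (ihl < 20 || tot < ihl || tot > len)
        return DROP_MALFORMED;

    /* A fragment that would reassemble past 65535 bytes (ping of death). */
    size_t frag_off = (size_t)(be16(pkt + 6) & 0x1fff) * 8;
    if (frag_off + tot > 65535)
        return DROP_OVERSIZE;

    uint32_t src = be32(pkt + 12), dst = be32(pkt + 16);
    if (pkt[9] == 6 && frag_off == 0) {         /* TCP, first fragment */
        if (tot - ihl < 20)
            return DROP_MALFORMED;              /* truncated TCP header */
        const uint8_t *tcp = pkt + ihl;
        if (src == dst && be16(tcp) == be16(tcp + 2))
            return DROP_LAND;                   /* same address and port on both ends */
    }
    if (src != local_ip)
        return DROP_SPOOFED;                    /* source address is not ours */
    return PASS;
}

int main(void)
{
    return egress_check(sample_syn, sizeof sample_syn, 0xC000020AU) == PASS ? 0 : 1;
}
```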

Attacks targeting external network hosts blocked by AngeL

  • Syn flood
  • Land
  • Smurf
  • Spoofing
  • Jolt
  • Ping of death
  • Protocol specific traffic
  • Various application remote buffer overflows

Attacks targeting the local host blocked by AngeL

  • A set of buffer overflows against suid programs
  • Format string vulnerability
  • Malloc bombing
  • Fork bombing
  • Sniffing

Download

angel-0.50.0.tar.gz


Feedback

We need your feedback. We need your bug reports, your suggestions for new features or improvements, and your comments. So if you enjoyed using AngeL, let us know; if not, please tell us what you did not like so that we can improve our work.
You can also join the AngeL developer mailing list by clicking here.

Thanks!!!

Paolo Perego

Last updated: Sun Mar 19 05:37:22 PST 2006