Ninja: A Privilege Escalation Detection and Prevention System!

 Privilege escalation is a type of vulnerability, that allows you to gain elevated access to resources that are normally protected from an application or user. As a result a successful exploit grants  elevated privileges to the user that can be used to launch further attacks. So you see that a privileges escalation is a pretty dangerous thing to happen – even more if it were to happen with a local attacker.

Getting back to Ninja, it is a privilege escalation detection and prevention system for GNU/Linux hosts. It does so by monitoring process activity on the local host, and keep track of all processes running as root. If it finds that a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user. Optionally, if you allow certain users to escalate their privileges, you can also set a ‘magic‘ group that is allowed to run any setuid/setgid root executable. Or, you could also use the whitelisting feature provided with Ninja to allow users from certain groups to access privileged programs.

Please read the documents bundled with Ninja before installing as it needs to be configured very carefully!

Download ninja v0.1.3 here.

http://www.forkbomb.org/ninja/src/