The Defense Worx Network Intrusion Detection System is a Linux-based IDS which performs high-speed traffic analysis of network packets to detect unauthorized traffic in real time. Includes a Java-based console to display alerts.
samhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
Claymore v0.3 is an intrusion detection and integrity monitoring system. To accomplish its task, it runs from cron and reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, then it should provide an infallible record against remotely installed trojan horses.
Filewatch is a perl script which watches the CTIME of your files and alerts you to any changes.
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
Landmine Fileutils is a modified fileutils package for Linux which logs the arguments used for execution to syslog. Includes patched copies of chmod, chgrp, chown, cp, dir, ln, ls, mkdir, mv, rm, rmdir, and touch.
Secure Files 0.1b is a security tool that checks system integrity by comparing the MD5 checksums of flagged files against their earlier recorded checksums.
Libnids is a library that provides the functionality of one NIDS (Network Intrusion Detection System) component, namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you don't have to build the low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS.
Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (i.e. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Uses ncurses ASCII graphics.
Audit is a script which will record any changes to files on your machine by generating a checksum for each file in the directories scanned. It was built with simplicity and ease of use in mind, comes with a GUI, and has a reasonable set of defaults in place out of the box.
A Perl script that passively fingerprints OSes based on signatures.
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Trappa detects a CGI scan and sends an alert message to syslog with the attacker's IP and web browser. Works by installing decoy CGI scripts in the cgi-bin directory.
Secure Worx (TM) Network Intrusion Detection System - The intrusion detection system is a network-based system that performs high-speed traffic analysis of the content and context of a network packet to detect unauthorized traffic in real time. It has inexpensive hardware and OS requirements. The intrusion detection system runs on an Intel Pentium class compatible processor with a 10/100 Ethernet card running the Linux OS with kernel 2.2 and above with a configured TCP/IP stack. The installation process involves running an installation script that asks a few simple questions. It is then a simple matter of starting the software, and your network is then searched for anomalous activity.
The Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, Etherping test, and ARP test. Support for the ICMP Ping Latency test is under development.
FCHECK is a very stable Perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring can be done in as little as one-minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information and notify you via email.