Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
b59f8fce17ec94112c407edf3a795fca1fb1f4aa2672c4972cfd8158bdf6f65dLogwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
0fd643ed6ce80f231d2e8aeb0282685d95a821baacdd2963e6c251e0fbff879dBeltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
2d15c7b3b757f83f0d791ef2e19b3418195dee4efcae5dd0157e2db4b9d5c318Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
7657c537a6bc7e2a336650f2d4336be9ccf992a0b360eb1644489a0d3e326f24Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
a378a6338cf70225094a4db783161ff5ebf530f0019fcd6ed9b34099c248e983Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
afd65b77468f5d7bb132b9dfa83a9e49b9e73418d9e3371265b7fbfbfbb80d69Proof of concept code based on the "Polymorphic shellcodes vs. Applications IDS" white paper. It is a Network IDS able to detect shellcodes, even polymorphic ones.
cb7a2a706ec416a16b6507f847b7ec3050f8267b970f310b4ae1bba2188af83eSingle Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
7dad16d66c29a95ba1e3e9264d36977273af7bd19f478539d5b254aa78302492ProSum is a console based program that protects your files, sys_call_table and IDT in a manor similar to tripwire (All in user space, without kernel modules). In addition, database with files etc. could be encrypted with Blowfish algorithm and files that are protected could be store at any secure/bastion host to later replace them. ProSum could be run on any UNIX system, at least with file protect mode (without IDT and sys_call_table support).
72b66e29a6d697c84d82391457a17f67d1d3d3851b90c8852fb58ad13688aaf1Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
cc25fccf7ed25fb375d00c621b6dfee54ded352cf253b9b4d100b1279c27857aLibnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, and you have got E-component ready - you can focus on implementing other parts of NIDS.
5639fc9256c8b335e9756b11aac789529d11214de4c4db81fc0b54ec2f2579a6Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
b29cdf617272528050d7c6a56f3b81e73bc4b8d10fb00c36bb836d516a8b9ed2Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
6c2bba2937cdbe45c044fa15d5a6a702dee80dfa2c0f7f66611d3fe20ca4b282Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
5fd33f6e59d36461dc673f8f8a58b32cbb4aaead2d9e78b2009b07b7357d9f13Prelude NIDS is the network sensor part of the Prelude Hybrid IDS suite. It provides network monitoring with fast pattern matching (Boyer-Moore) to detect attacks against a network. Includes protocol and detection analysis plugins featuring Telnet, RPC, HTTP, and FTP decoding and preprocessors for cross-platform polymorphic shellcodes detection, ARP misuse detection, and scanning detection. It supports IP fragmentation and TCP segmentation to track connections and detect stateful events.
ca96ec7fdf581ae50704cdd1534c035a1dbd4684cdd86d052c10242b50a890e6Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
41e664afd9d562cf8958ebb2cbb3551a0dd0b56b359765252162270de6660d1eFirestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
e93123485333da8b54d632f5ec9c863eb29a49e584a917517507750a6aefcb26Tcpreplay v1.2 - Tcpreplay is a set of tools aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
057068ea8ded353c7910c2c940842c04bf213fedd43e58b902125c578c66ab1fSingle Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
f5e62c5a90684667ed1cb1875d4d7fcb6e0400f740888c294334eb1a48c3e570Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
71953be88fe40dd10108080de26dbd1c1ec9589f541747989be8d856255bcd05Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
ffa74ffac9f6fd324dc72211172b17144efed59f789ab45f7eecfb30df33a226Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
7720fceff4e2052bd743ba4c6d29110e7fde5dc3615c90189669e0bbf07a24e8ClownIDS v1.0 verifies the md5 checksums of files and mails the admin and runs scripts when a problem is found.
db4e0cada39f0e39c5956c78aabb2715bfd2c2c20424edcaa0f4dda27a2166d0Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
b0a88b449253c7c50702f211df80b74c34cf121804e38f475ff70a2f9b099870Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
298794e2cf9d6abfa7c29c30582db1988cec10ea7123f8b7f3fb6b9c7b1ea774
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed