Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
b59f8fce17ec94112c407edf3a795fca1fb1f4aa2672c4972cfd8158bdf6f65d
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
0fd643ed6ce80f231d2e8aeb0282685d95a821baacdd2963e6c251e0fbff879d
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
2d15c7b3b757f83f0d791ef2e19b3418195dee4efcae5dd0157e2db4b9d5c318
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
7657c537a6bc7e2a336650f2d4336be9ccf992a0b360eb1644489a0d3e326f24
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
a378a6338cf70225094a4db783161ff5ebf530f0019fcd6ed9b34099c248e983
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
afd65b77468f5d7bb132b9dfa83a9e49b9e73418d9e3371265b7fbfbfbb80d69
Proof of concept code based on the "Polymorphic shellcodes vs. Applications IDS" white paper. It is a Network IDS able to detect shellcodes, even polymorphic ones.
cb7a2a706ec416a16b6507f847b7ec3050f8267b970f310b4ae1bba2188af83e
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
7dad16d66c29a95ba1e3e9264d36977273af7bd19f478539d5b254aa78302492
ProSum is a console based program that protects your files, sys_call_table and IDT in a manor similar to tripwire (All in user space, without kernel modules). In addition, database with files etc. could be encrypted with Blowfish algorithm and files that are protected could be store at any secure/bastion host to later replace them. ProSum could be run on any UNIX system, at least with file protect mode (without IDT and sys_call_table support).
72b66e29a6d697c84d82391457a17f67d1d3d3851b90c8852fb58ad13688aaf1
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
cc25fccf7ed25fb375d00c621b6dfee54ded352cf253b9b4d100b1279c27857a
Libnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, and you have got E-component ready - you can focus on implementing other parts of NIDS.
5639fc9256c8b335e9756b11aac789529d11214de4c4db81fc0b54ec2f2579a6
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
b29cdf617272528050d7c6a56f3b81e73bc4b8d10fb00c36bb836d516a8b9ed2
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
6c2bba2937cdbe45c044fa15d5a6a702dee80dfa2c0f7f66611d3fe20ca4b282
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
5fd33f6e59d36461dc673f8f8a58b32cbb4aaead2d9e78b2009b07b7357d9f13
Prelude NIDS is the network sensor part of the Prelude Hybrid IDS suite. It provides network monitoring with fast pattern matching (Boyer-Moore) to detect attacks against a network. Includes protocol and detection analysis plugins featuring Telnet, RPC, HTTP, and FTP decoding and preprocessors for cross-platform polymorphic shellcodes detection, ARP misuse detection, and scanning detection. It supports IP fragmentation and TCP segmentation to track connections and detect stateful events.
ca96ec7fdf581ae50704cdd1534c035a1dbd4684cdd86d052c10242b50a890e6
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
41e664afd9d562cf8958ebb2cbb3551a0dd0b56b359765252162270de6660d1e
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
e93123485333da8b54d632f5ec9c863eb29a49e584a917517507750a6aefcb26
Tcpreplay v1.2 - Tcpreplay is a set of tools aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
057068ea8ded353c7910c2c940842c04bf213fedd43e58b902125c578c66ab1f
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
f5e62c5a90684667ed1cb1875d4d7fcb6e0400f740888c294334eb1a48c3e570
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
71953be88fe40dd10108080de26dbd1c1ec9589f541747989be8d856255bcd05
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
ffa74ffac9f6fd324dc72211172b17144efed59f789ab45f7eecfb30df33a226
Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
7720fceff4e2052bd743ba4c6d29110e7fde5dc3615c90189669e0bbf07a24e8
ClownIDS v1.0 verifies the md5 checksums of files and mails the admin and runs scripts when a problem is found.
db4e0cada39f0e39c5956c78aabb2715bfd2c2c20424edcaa0f4dda27a2166d0
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
b0a88b449253c7c50702f211df80b74c34cf121804e38f475ff70a2f9b099870
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
298794e2cf9d6abfa7c29c30582db1988cec10ea7123f8b7f3fb6b9c7b1ea774