nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
010142ce00991528e4574140d8f28405e7b861e6f089ed82898daee29a17273d
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
c44df76e0243a39a2e20929811f25408efeebda1bab7c75378e8138c85488077
Samhain (development branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6. The devel version has more advanced features, but not all options are thoroughly tested yet.
2b26539157d7d860474fdc522cb212ec6d4b3a32f4400304c6a57f6bf867402f
SF (securefiles) is a local intrusion detection system (IDS) which will get the hashes for the specified files and create a database which is then then it is encrypted with AES. The executable checks itself, and a phrase is displayed (we select it on the installation) every time the program run successfully.
3149931855b0aa87c4b6852889675d677b6c52f94dc9e41de421798f404d911a
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
14bfbb77c591e461df226ab6cf3bf3e88bb05b6b3ae04d348f44d007fd0bf10c
Samhain (development branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6. The devel version has more advanced features, but not all options are thoroughly tested yet.
5d1dad7c0b0a2a4dd188767a5f3f037cf9749b1bb98b06900f7c8d21c445aba1
Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
20bede6af359e9b2e9e2c464bd4e26ce16d488d584ffb85add31d8c501381a07
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
6feda35afe8a18ce578080c77f7a2f91d4a84d46bdb43ac7788feb8c64552cba
Sentinel is a fast file integrity checker similar to Tripwire or ViperDB with built in authentication using the RIPEMD 160 bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database.
5fd4cedb481fb37ba5e0c4cedf76af09d5bb6fd958d27a817f21132886c5c9a1
Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6. The stable version does not support all features that are mentioned in the summary. Client/Server communication is not encrypted, and wildcard patterns for filenames are not supported.
95b8dc0feb825c5838066c1efa265cacbdb56ba1ec54e264939c3b70b8099cd9
Samhain (development branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6. The devel version has more advanced features, but not all options are thoroughly tested yet.
59110c9b17c7a9e01f591414e5ac61ae4abf9a086b8ddef3f20dec0cb95804c0
Attackwatch is intended to enhance the security of small private networks that are already protected by a restrictively configured firewall but which still have a few ports open. Attackwatch will analyze the firewall output in near-realtime and will run scripts in response to incoming packets that got logged.
0316aef9a7258b5cb0b6a35451300ac411dc50becc8b986cdb22034bc221f0a0
Check-ps is a program that is designed to detect rootkit versions of ps that fail to tell you about selected processes. It currently requires /proc but other scanning methods can be implemented. The program will run in the background or one-shot mode. Check-ps has grown rather to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods. You are encouraged to check the signatures, available here.
b1c08424547c197563f6641aee28b0b9450246b337ba74064bd85a9711b9b8a1
Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
2b5754c7e622dddba5c5a239bc5a2d98728bd9c47f904ac552bc93a627dffe31
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
09a63845ac98e809c95542526a65794687886f028534896e431f63e0814e1bc4
Riley is a file integrity checker written in Perl, somewhat similar to Tripwire.
0003d72c1eadfdc96f434b6d85ce289d6f291acc228f773f009cdfecb5b6b4cc
Sentinel is a fast file integrity checker similar to Tripwire or ViperDB with built in authentication using the RIPEMD 160 bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database.
99707698a2a7d4bd78f5f2d02cf28df6ed1cc818d354adea561001735cac2a5b
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
7586fdf2b2be87916768c7d10baaa36b29608cb4bde146ce3e9a228ca9029385
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
f729531a492d04be06ca697599161e6844352023230474180464d8d06a3c189f
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
668359b668a71b61438b1ab2f12daabe3a31ac1b11e9dd4fdf840819bce81d6a
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
3cb38576519cd7ae00a09aa9a3652653cfedf7ce8409a1a400538db02dec7f83
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
9beeb32344be8185db433775f799de2b79b2dddd9a21ba40738b083810070ddc
Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
d339fbc093ce9e9f0c98fa2b454735bb2c13613103d6edcfcce57dbd3a394d2a
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
990646118fc67738df6e20049f2f0b490c9268689ad4d8830bf778393b11b9a2
Mod_Id is an interesting Apache Module which is an IDS system watching for suspicious URL's.
e611f4ddfa50d863dbee64de332fb55bda3cc532ddfaa9b45fa3e423d83b4d3d