ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
a68a09bc591a1b9b7f96d7c08fef3bf95f413957808bc250c6a9de249c58b420
MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
4b3886734324f04fab377511023d5ae0c9dbdbd5db446f455e3c4d58129385f7
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. Integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break-in, you know exactly which files have been modified, added, or removed.
fc5b9e14dce5c202e0d0b107a8cb86a89cd50094799d6664e3bb0ec26afd7a2e
The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
ab9891e81ba3cb1b4a27b6137788cdf4cec4118f065ba6d2f8369055d8d6b851
ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
9a498d683d07bd810a34575d0cfbf080070540e73c0df70ba09a0a8880e40a98
Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
c8ec1e209f4078af675145fc9fdb1be9aadd25080da8cfa2ca372082aa5afd31
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
1bcc19e68e14b708413f9da768c55ffc6991940d1134e29017b7145086ed9a4b
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. Integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break-in, you know exactly which files have been modified, added, or removed.
edfc18f6b88382a2c7b6d50d62817b6fa12015e4265cfcaf4ba3507c16cc68fb
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
b0a3b06cdc1bb110b2db01e086838f715ae231fd53fdf6db0ce9617538c43b5f
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
57df5e8ccc729dafda5c118f31e4b586da09dfbb073877d31f195da1e13bc0a1
FCheck is a very stable Perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely available open-source alternative to 'tripwire' that is time-tested, and is easier to configure and use.
3cc342bce5b50b9352eb5694dfa6a2051bb69bc67e76e94749595b623ed298da
ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
f1298866d59c9b96e7bb19d3dfe4f1744f26f4c02ecd6d04ca8b368d8fb104fb
The Defense Worx Network Intrusion Detection System is a Linux-based IDS which performs high-speed traffic analysis of a network packet to detect unauthorized traffic in real-time. Includes a Java-based console to display alerts.
ad3da316db0a15d616cd904fe0a6d7340984f87c99f0389f23b2572d04bdbd72
pakemon has been developed to share IDS components based on the open source model. The current version of pakemon monitors all traffic on a network, searches for given data patterns in the traffic, and outputs session logs and summary logs of matched traffic. Tested on RedHat Linux 6.2j, OpenBSD 2.7, FreeBSD 3.3, and NetBSD 1.4.
5992ae6ed8188ba3d71db6f55768563314f3c1fb07c7025082f68fc60549f9ef
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).
2a96784a9afb8679f7fa4e622c6a178b4036a13ca187ff0e17b65eb10371399a
FCheck is a very stable Perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely available open-source alternative to 'tripwire' that is time-tested, and is easier to configure and use.
1c92c871739ce9e42cfb6c838ff0171c5bf70e8c9256ed4bdd8ee54aa0f0de32
MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
996d69916181777b3e64297f4544d5b06197e886aa2cda2c74853f1e7bec0d6e
Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. The libnids library offers IP defragmentation, TCP stream assembly and TCP port scan detection. Libnids is highly configurable, reliable, and portable.
49cea0381f1e7168cc2ae62a01e83dac820286af01068069986feb262d9e0eea
samhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
d9ed906ca9c641206d8da7958e625115650b13d904f827efaab285b62ff78ec0
Tripwire is a very popular file integrity checker which saves checksums of selected files in a database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email / pager reporting. Databases and reports are cryptographically signed.
f48cf36fb22415dacf82f45381a8dabf6c5d2c8a446ac7c1010b333311b33a49
pakemon has been developed to share IDS components based on the open source model. The current version of pakemon monitors all traffic on a network, searches for given data patterns in the traffic, and outputs session logs and summary logs of matched traffic.
29af805ca67b3bcea17adb328ce0e0ab54999d43cde58111dc827ecddb84fa74
Check ps is a simple program that runs ps and compares it with its own list. It currently requires /proc but other scanning methods can be implemented. The program will run in the background or one-shot mode. Check-ps has grown to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods.
4637b14d6d2c1c46530c81a8b0005e0aea5fc61f51a174b202d2a364a383b485
Shoki is a collection of IDS tools, scripts, and so forth. All the bits together can collect data from sensors, schlep it to a central location for storage, run signature-based and statistical analysis on the data, and load the data into a SQL database. Shoki provides a framework for a distributed system for network traffic analysis among untrusted peers.
904a9c47b41b202a970ca5edc2f7a3fd52e937e4c3bf798ede5865ec6fce332f
OpenPorts is a simple script which can be run as a cron job every 5 minutes, checking the open and listening ports on the local system with netstat. If there is a difference since the last time it was run, an e-mail is sent to the system administrator containing the list of new open ports.
60423aeb267755589f09cad6d8bc6946481531a2e80e144bc472f246a53e4ca8
The Defense Worx Network Intrusion Detection System is a Linux-based IDS which performs high-speed traffic analysis of a network packet to detect unauthorized traffic in real-time. Includes a Java-based console to display alerts.
8c8c0dc8c0ecb2d7b168c0b9689384b31c0528488993d812d6a741ea2a889048