ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
a68a09bc591a1b9b7f96d7c08fef3bf95f413957808bc250c6a9de249c58b420MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
4b3886734324f04fab377511023d5ae0c9dbdbd5db446f455e3c4d58129385f7Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
fc5b9e14dce5c202e0d0b107a8cb86a89cd50094799d6664e3bb0ec26afd7a2eThe Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
ab9891e81ba3cb1b4a27b6137788cdf4cec4118f065ba6d2f8369055d8d6b851ICU (Integrity Checking Utility) is a PERL program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
9a498d683d07bd810a34575d0cfbf080070540e73c0df70ba09a0a8880e40a98Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
c8ec1e209f4078af675145fc9fdb1be9aadd25080da8cfa2ca372082aa5afd31Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
1bcc19e68e14b708413f9da768c55ffc6991940d1134e29017b7145086ed9a4bIntegrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
edfc18f6b88382a2c7b6d50d62817b6fa12015e4265cfcaf4ba3507c16cc68fbLsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
b0a3b06cdc1bb110b2db01e086838f715ae231fd53fdf6db0ce9617538c43b5fLsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
57df5e8ccc729dafda5c118f31e4b586da09dfbb073877d31f195da1e13bc0a1FCheck is a very stable perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
3cc342bce5b50b9352eb5694dfa6a2051bb69bc67e76e94749595b623ed298daICU (Integrity Checking Utility) is a PERL program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
f1298866d59c9b96e7bb19d3dfe4f1744f26f4c02ecd6d04ca8b368d8fb104fbThe Defense Worx Network Intrusion Detection System is a linux based IDS which performs high-speed traffic analysis of a network packet to detect unauthorized traffic in real-time. Includes a Java based console to display alerts.
ad3da316db0a15d616cd904fe0a6d7340984f87c99f0389f23b2572d04bdbd72pakemon has been developed to share IDS components based on the open source model. Current version of pakemon monitors all traffic on a network, search given data patterns in the traffic and output session logs and summary logs of matched traffic. Tested on RedHat Linux 6.2j, OpenBSD2.7, FreeBSD 3.3, and NetBSD 1.4.
5992ae6ed8188ba3d71db6f55768563314f3c1fb07c7025082f68fc60549f9efTailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).
2a96784a9afb8679f7fa4e622c6a178b4036a13ca187ff0e17b65eb10371399aFCheck is a very stable perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
1c92c871739ce9e42cfb6c838ff0171c5bf70e8c9256ed4bdd8ee54aa0f0de32MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
996d69916181777b3e64297f4544d5b06197e886aa2cda2c74853f1e7bec0d6eLibnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. The libnids library offers IP defragmentation, TCP stream assembly and TCP port scan detection. Libnids is highly configurable, reliable, and portable.
49cea0381f1e7168cc2ae62a01e83dac820286af01068069986feb262d9e0eeasamhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
d9ed906ca9c641206d8da7958e625115650b13d904f827efaab285b62ff78ec0Tripwire is a very popular file integrity checker which saves checksums of selected files in a database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email / pager reporting. Databases and reports are cryptographically signed.
f48cf36fb22415dacf82f45381a8dabf6c5d2c8a446ac7c1010b333311b33a49pakemon has been developed to share IDS components based on the open source model. Current version of pakemon monitors all traffic on a network, search given data patterns in the traffic and output session logs and summary logs of matched traffic.
29af805ca67b3bcea17adb328ce0e0ab54999d43cde58111dc827ecddb84fa74Check ps is a simple program that runs ps and compares it with its own list. It currently requires /proc but other scanning methods can be implemented. The program will run in the background or one-shot mode. Check-ps has grown rather to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods.
4637b14d6d2c1c46530c81a8b0005e0aea5fc61f51a174b202d2a364a383b485Shoki is a collection of IDS tools, scripts, and so forth. All the bits together can collect data from sensors, schlep it to a central location for storage, run signature-based and statistical analysis on the data, and load the data into a SQL database. Shoki provides a framework for a distributed system for network traffic analysis among untrusted peers.
904a9c47b41b202a970ca5edc2f7a3fd52e937e4c3bf798ede5865ec6fce332fOpenPorts is a simple script which can be run as a cron job every 5 minutes, checking the open and listening ports on the local system with netstat. If there is a difference since the last time it was run, an e-mail is sent to the system administrator containing the list of new open ports.
60423aeb267755589f09cad6d8bc6946481531a2e80e144bc472f246a53e4ca8The Defense Worx Network Intrusion Detection System is a linux based IDS which performs high-speed traffic analysis of a network packet to detect unauthorized traffic in real-time. Includes a Java based consile to display alerts.
8c8c0dc8c0ecb2d7b168c0b9689384b31c0528488993d812d6a741ea2a889048
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed