Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system.
78fa7d515c0fec04c226609c590bba0b6806da8612b1609d77d70ddb0db9adf3Samhain is a tool for monitoring the integrity of files on a single machine as well as on a network. It is easy to configure and maintains a single database (per host) for storing the signatures of files. Samhain is designed to be run as a background process, checking files periodically against the database. Reports can be written to a signed, tamper-resistant log file, and/or sent offsite by e-mail. To monitor several machines and collect data by a central log server, samhain may be used as a client/server application. For the paranoid, a 'stealth' option is available.
7e6a44873d79298b027d90259ecc248e8b444f798ef7d93fc219650ce7306cc7logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.
21fea4e03efe6f7b0246e5cbaf9b643e3c5d2c9a8e3c0eab39498b35004142a8TTYSnoop allows you to snoop on login tty's through another tty-device or pseudo-tty. The snoop-tty becomes a 'clone' of the original tty, redirecting both input and output from/to it.
645f9c174f2d1785a2f333a585175212ba3e8911c69e62d555fc2ab92dd815d8Network Promiscuous Ethernet Detector, rewriten with Libnet/libpcap so it works on FreeBSD, OpenBSD, and linux, possibly more. neped scans your subnet and detects promiscuous boxes that might be running sniffers or similar applications, using hacked ARPs (non broadcast), only listened by promiscuous ethernets.
13ae8d3a11fae60402ab6957375f70e36f63594d0a78cf2adabdb15ea22ae9fbAnalyze your syslogs for security or system problems by creating a list of normal behaviour to ignore; everything else is something you should be aware of. Requires perl 5.
a4626676b5ffe216cedb28247dbad441c03e97009db3d8215c2b82542511f0datoscin is a basic IDS system that uses packet filtering to warn against possible attacks against specified services. It basically watches the local network for SYN connections to certain services, and sends notification. Solaris 2.x possibly others.
06069c45e5ec8ef33117592147cdfc24c37a3cc99b890a120d02decafdc6d6fcThis linux tool is more an early warning system than IDS. it scans system logs for signs of intrusion in real time. produces colored output on the tty, sends alerts and regular reports. Excellent database of suspicious logfile strings included.
991fee1240493841d942a05ffab5ef5d95051155144bbcb9dbabe4e3ff1352a8Whowatch is a ncurses who-like utility that displays information about the users currently logged on to the machine, in real-time. Besides standard information (login name, tty, host, user's process), the type of the connection (ie. telnet or ssh) is shown. You can toggle display between users' command or idle time. You can also view processes tree and send INT and KILL signals.
c0305ae9774f9652325025084821d5835882589cf2b3ebf3c0143089435bfc71Kernel module which logs specific system calls to a logfile. Tracks mkdir, rmdir, link, and open.
739466ea19f402e721ecc39d1bd57cc11892e68417801d26674508300c43c177Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail.
dfe4cb29305c619dc0a0aca5b11b2bd397baccf3076b48f03457f66f299ab42elogsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.
544d9a0a79ddca06aa9c17d04f98e8f51ea727e3420c9328c79cdd428d89689ePortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.
dcd261b2ed7cb1fc2b602b0b94fa7d47cfbbfaf03a0fb3d92ce243e2f647588dIDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrustion Detection into your firewall. Features include: Automated alerting, logging, and archiving, Automated blocking of attacking source, Automated identification and email remote site, and Installation and test script. Ver 1.3 Optimized for performance, over 50% speed increase. Documentation here.
10f4b8a670367efd29cc6f1e2b1080b57abab5342acc80ce9ffe06156a3179e0Samhain is a tool for verifying the integrity of files. It uses the TIGER message digest algorithm to generate a database for files and directories listed in the configuration file. After initializing the database, samhain can run as a background process, performing checks at user-defined intervals. Results can be written to a log file and/or forwarded to another host by e-mail. Log file entries are signed to prevent tampering. The current version is tested on Linux only.
1505f8f9c2445ed1a8767f0ce6bdd68622d0740af23fed22db953ce348336066Eyes on Exec 2.32 is a set of tools which you can use to build your own host based IDS. It watches for programs getting exec'd and logs information about it to a file. Combined with perl this can be extremely powerful. Requires linux kernel 2.2.
721aa1dc02e15a1fb8384fa30f37cc22af65e7cc1755e2bc04a94eaffd14de73Logwatch provides a client/server architecture for viewing logfiles on multiple machines on a network. With a single daemon process running on each participating computer, logfiles can be tailed from any authorized machine. Multiple logfiles on multiple machines can be followed with a single client process by specifying the machines and files to follow.
39583b7bcfa05e6bac8964d2e2ed38b98707b722312bb43babd2ca27f6bad959firesoft is a collection of Perl scripts for viewing snort-generated logs and ipchains logs. The package includes a bar chart creator from ipchains logs, to quickly view who has been scanning you the most.
4fb6ac3726d2ee46e1eed632e9031387e99c60694386b203fba668c5142b6c47Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).
f48d24516c0e62148cbb782e1cb62c1b16b0c0a4f5d49100f27fe7568d015b5asuidshow.c is a linux lkm that will log any non-root user doing a setuid(0) or a setreuid(0,0) system call. CyberPsychotic
5089cc902d75283bd99aa843ad384439e5b1b862509c70dfa40b9ccae967e300Logcolorise is a PERL script to make your syslog generated log files much more legible by colourising them (context highlighting based on keywords).
c63321d7d299bfb4acc2b06a4c5e8179a58c46288c934847e20ecb25751c7ee1Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
0011bf9bb3235b1f12a7a203cf243e8db9ffb91b311a8147d9873a667d78fb33Libnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convinient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you don't have to build low-level network code. If you decide to use libnids, you have got E-component ready - you can focus on implementing other parts of NIDS.
37aab0e12817880ae502de7bec0810e0df2e1c6ee7cd328e933f0bca7751c656Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
44c568b15d10d6153f5b49137e01ff1d3ba63549b16e672d0a3990bf420a5186Rpc_Gotcha is a network based intrusion detection tool for detecting rpc based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the rpc message data payload looking for signs of a possible attack. Rpc_Gotcha will log all rpc calls made to the network and display payload data for possible attacks. Changes : This version has some major bug fixes , memory leaks and signature issues. It will also read tcpdump capture files in a batch mode.
47e916295ba31b13f5d2c3e1ee1298ccbaa67084f08de4d1c4ed07f5a57002d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed