sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.
7d9a5cdc6b941a0b37126d89ee9153a4a21c836a27c959ffff39bb272ea1fff5
FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
b496520b28cfcbbf5d352dfe9a9b74dfc01978e4a1988f2a59f9f2c6ef4cf28b
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
b0291d4a76fe976aae9873a5039b4f8ff351c4f610e7b617251814bdc375a0c3
IPLimit is a security tool to prevent some denial of services on common internet daemons. It will dynamically reject connections from hosts that already connected too many times on the same service or the same server. And only these strobe makers will be rejected, not trusted people. IPLimit is fully configurable: you can, for instance, allow 40 connections per second for SMTP, and only 1 per minute for Telnet. It needs the TCPREMOTEIP and TCPLOCALPORT environment variables, so IPLimit has to be used with a super-server like G2S or TCPServer. You can also use any other inetd variant if you have the tcp-env program (from Qmail). IPLimit was tested on Linux but should work on any other Unix implementation with or without minor changes.
9b0eb17b70cae3acbd2924d8bb3df048ceccc94275bad8e5a541747e0235eb3d
Blurb for tcp_wrappers_7.6.tar.gz
ba6ca8ba9ee13ef06fd505b3d9e5b285d454a0e72b86349ac550c1bf7bb075cc
Wietse Venema's tcp wrapper. The package provides tiny daemon wrapper programs that can be installed without any changes to existing software or to existing configuration files. The wrappers report the name of the client host and of the requested service; the wrappers do not exchange information with the client or server applications, and impose no overhead on the actual conversation between the client and server applications.
9543d7adedf78a6de0b221ccbbd1952e08b5138717f4ade814039bb489a4315d
decfingerd 0.7: The Deception Finger Daemon. This program will take the place of the original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system. Tested on: Linux 2.2.7 -- GCC 2.7.2.3, Solaris 2.7 -- EGCS 1.1.1, OpenBSD 2.5 -- GCC 2.8.1.
2f0703745ed109808ec2722a88bd0d120af0c3d11b4423d1453b61c8462f9e91
A daemon which kills shells with idle time above a certain limit.
8818b38a84283a859e30dd27f85c70af3e475a7baf52cfc154568f631e07ceff
Tcpreplay v1.0.1 - Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic, which doesn't exercise the application/protocol inspection that a NIDS performs and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
406ba86835be13f285736bfac9780708a0537ea26d50fe6a211628d0fdafb6ec
Fragrouter v1.6 - Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publicly available, and it is assumed that they are currently being used to bypass NIDSs.
db066e3e55a97f5623e5bfbd742d5eb934037b4f3b467e1e1535c40778bdcbe8
Rpc_Gotcha is a network-based intrusion detection tool for detecting RPC-based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the RPC message data payload looking for signs of a possible attack. Rpc_Gotcha will log all RPC calls made to the network and display payload data for possible attacks.
e2ccfd68a343a3485c93f6ce4cc1b8bf77c771ab659892b0f547ca1fb0ed14d2
AAFID is a distributed monitoring and intrusion detection system that employs small stand-alone programs/Agents to perform monitoring functions in the hosts of a network. AAFID uses a hierarchical structure to collect the information produced by each agent, by each host, and by each set of hosts, to be able to detect suspicious activity. This release is a prototype and does not implement full functionality. All modules of the system are written in Perl, and thus it is extremely portable. Although some of the Agents included with AAFID2 perform NIDS functionality, the system as a whole is a host-based intrusion detection system.
0790ec3c2a9d54d716ac14f299330ea2472623d7f4b2419781dfacc1d8ef40bd
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
d995ff1e66845a2e0725d86d2ef681f559fcaf430b984f9180a1b2a746798742
Packet filter that allows you to control IP packets going to and from your LAN and the Internet.
d0b0a7fcb3bef6b332b36bf8b7ef46ff399688a17573a0b1228f4c3ea4e5f408
HummingBird is a distributed component for any Intrusion Detection System. Features: Share security information with any Internet host, Powerful searchable database of security relevant data, Easy to use data visualization, Detects light but network-wide attacks, Keeps historical data of system status, Hosts can be organized in a hierarchy for better management and information flow, Java interface for alert messages.
49f2ff6ce1537346482f3c34b42bb0ba7898cb751019f7190d6fe7a668cbe2a7
Tracks ICMP packets, allowing you to proactively watch for suspicious behaviour, mainly ICMP unreachables.
73a3106fab2ed9e187145c88a7914a0b09ff54e1a5bb05b0a222bff1840c4d12
bgcheck 0.5 - bgcheck is a process monitor for Linux written in perl that can be used by administrators to limit the number of background processes that each user can run.
8a5e5a642bebb41d281e0916c6df99c8661b31c2576f42915d167c36debb6391
ctm 1.2 - CTM is an SNMP interface statistics gatherer which works as a daemon, polls SNMP-capable routers at regular intervals and puts the gathered information into a database. Information gathered includes operational status of the interface, octets and packets sent and received, line errors, and queue discards, but CTM can easily be changed to log any interface-specific SNMP variable. CTM comes with an example report script which gives traffic and line error summaries for certain periods of time.
27308bc4087287161826a889483c1a4e0e34328f7e8fbc5be4478362342adc72
dfingerd v0.6 takes the place of your original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system.
e02c0b42a26d48042ebd6629ed114dd8c4f5cc9ff6df6e94067d7ccbc40f0f24
gogmagog 4 - GogMagog is a multiplatform sysadmin tool for monitoring the integrity of networkwide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is relatively network architecture independent. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface (named GogView) on the server. GogMagog works on Linux, AIX, HP-UX and Solaris.
b9e75e70b99d04fb2121c6bf3c917a993b0dd53051668aa32ef9a8d765cfb779
lslk_1.25_W.tar.gz
10317b610522e71539e136f55f49f10e4d50f822614958dcf5894592fec4e130
lsof 4.43 - Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system.
36e8d7f7aef8f8d581491bb31a45a5039408158fa056404c6a464be485b0fe64
lsof 4.45 - Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system.
a55dfefdd9402561822821885e8b6cdfdb2a4ba741e747c643ad04a9466464f2
Secure Locate 1.6 - Secure locate provides a secure way to index and quickly search for files on your system. It uses incremental encoding just like GNU locate to compress its database to make searching faster, but it will also store file permissions and ownership so that users will not see files they do not have access to. It is a bit slower than the GNU locate, but that's the price for security.
bd8e2060cec9a7743ca9fa2ca80d1ee15f6863ba004f2fd54b9c108896bfc5c4
Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files, filters out unwanted data and takes one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
4f3ddf8efc4c8d14733cbf56329630704c9634db8183de27fd66a8e745e043a9