.:[ packet storm ]:.
                             
security is a process, not a fix

 Section:  .. / UNIX / IDS  /

Also see UNIX Network Logging Utilities.


 ///  File Name: qps-1.6.8.tar.gz
Description:
qps 1.6.8 - Qps is a visual process manager, an X11 version of "top" or "ps" that displays processes in a window and lets you sort and manipulate them.
Author:Mattias Engdegard
Changes:TTY field width made variable (mostly for Solaris) and Linux cpu usage bug fixed. Source code. Requires Qt library 1.40 or later.
File Size:81659
Last Modified:Aug 16 20:02:43 1999
MD5 Checksum:d3fffd1514f4fbd59b78233b5fb04c3f

 ///  File Name: gogmagog-3.tar.gz
Description:
GogMagog is a multiplatform sysadmin tool for monitoring the integrity of network-wide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is largely independent of network architecture. Sysadmins monitor their machines at a glance through a very simple WWW graphical interface on the server.
Author:C.Parisel
File Size:13936
Last Modified:Aug 16 20:02:42 1999
MD5 Checksum:8ef23b61a15ccdbe831cb688278deedd

 ///  File Name: overcr-1.49.02.tar.gz
Description:
OverCR 1.49.02 - OverCR is a remote systems monitoring tool that utilizes a simple language for queries. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother Monitoring system.
Author:Eric Molitor
Changes:Configuration file support completed, minor documentation fixes, minor cleaning and formatting of source.
File Size:13185
Last Modified:Aug 16 20:02:42 1999
MD5 Checksum:6ae461e9e01a97b6e47695f87462fd1b

 ///  File Name: sxid_3.2.4.tar.gz
Description:
sXid 3.2.4 - sXid is an all in one suid/sgid monitoring program designed to be run from cron on a regular basis. Basically it tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that aren't set any more, or they have changed bits or other modes then it reports the changes in an easy to read format via email or on the command line.
Author:Ben Collins
Changes:Minor bugfixes and a new IGNORE_DIRS option.
File Size:43354
Last Modified:Aug 16 20:02:42 1999
MD5 Checksum:97e3eeed57749e91262b1a49563be456

 ///  File Name: tmp-audit-0.3.tar.gz
Description:
tmp-audit is a simple tool designed to monitor a directory (e.g. /tmp) and log changes. New file size, variable refresh, and header beep options in this release.
Author:Proof Of Concept
File Size:3401
Last Modified:Aug 16 20:02:42 1999
MD5 Checksum:b902f220dd12ba87319a661c9f9f361c

 ///  File Name: traffic-vis-0.34.tar.gz
Description:
See description above.
File Size:45918
Last Modified:Aug 16 20:02:42 1999
MD5 Checksum:cc37484bbb537dd80d52d05961bd5624

 ///  File Name: overcr-1.49.01.tar.gz
Description:
OverCR 1.49.01 - OverCR is a simple system monitoring tool that utilizes a simple language for queries. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother Monitoring system.
Author:Eric Molitor
Changes:First 1.50 beta featuring new config file based configuration. "System Monitoring is an important and expensive task. Fortunately free tools such as Big Brother have become available. Unfortunately these tools are not free in the GNU sense. In addition the shell script format of Big Brother leaves something to be desired in my opinion. Therefore I've started writing Over-CR, a GPL Network Monitoring software."--Eric Molitor
File Size:12948
Last Modified:Aug 16 20:02:41 1999
MD5 Checksum:a68cee6f17be4e0806ee23797f112899

 ///  File Name: qps-1.6.3-static.gz
Description:
qps v1.6.3-static: Qps is a visual process manager, an X11 version of "top" or "ps" that displays processes in a window and lets you sort and manipulate them. Static binary of alpha code.
Author:Mattias Engdegard
File Size:657750
Last Modified:Aug 16 20:02:41 1999
MD5 Checksum:850b5aff83b74a3a04148103958f1b24

 ///  File Name: qps-1.6.3.tar.gz
Description:
See description above.
File Size:82490
Last Modified:Aug 16 20:02:41 1999
MD5 Checksum:631a834da72aa37bbc4691e4ba54c07d

 ///  File Name: qps-1.6.4.tar.gz
Description:
qps 1.6.4 - Qps is a visual process manager, an X11 version of "top" or "ps" that displays processes in a window and lets you sort and manipulate them.
Author:Mattias Engdegard
Changes:Compile error fixed and tiny tweak in proc.C (skip unused fields). Source code. Requires Qt library 1.40 or later.
File Size:76914
Last Modified:Aug 16 20:02:41 1999
MD5 Checksum:a74cad190fc47332ae2fa9c4e70531ca

 ///  File Name: whowatch-1.0.5.tar.gz
Description:
whowatch 1.0.5 - Whowatch is an ncurses who-like utility which displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (i.e. telnet or ssh).
Author:Michal Suszycki
Changes:Added ability to toggle display between processes and users' idle time, added 'local' type of login, better response for key pressing, and several bugfixes.
File Size:5988
Last Modified:Aug 16 20:02:41 1999
MD5 Checksum:5e0e39d1e3d1ad8051abeb0b5d4a9ccc

 ///  File Name: whowatch-1.0.tar.gz
Description:
whowatch v1.0 is an ncurses who-like utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (i.e. telnet or ssh). Initial release. 4k.
Author:Michal Suszycki
File Size:4369
Last Modified:Aug 16 20:02:41 1999
MD5 Checksum:3a2c7f8fe56376fea72014c4f5980605

 ///  File Name: xlogmaster-1.6.0.tar.gz
Description:
Xlogmaster 1.6.0 is a program that lets you monitor everything that's going on on your system in a very quick and comfortable way. It allows reading logfiles, devices or running status-gathering programs, translating all data (if wished) and displaying it with filters for highlighting / lowlighting / hiding lines or taking actions upon user-defined events. Filters can raise, lower, or hide lines. Thanks to the GTK+ toolkit and full runtime configurability, the user can modify the appearance of Xlogmaster to whatever fits his desktop best.
Author:Georg C. F. Greve
Changes:Complete "Customize" Menu rewrite, Plugin support, GTK+ 1.2.0 compliant, the EXEC lines now allow pipes, keyboard accelerators for entries and for menu, support for a system wide entry database and for personal entry database, now catches logfile rotation, and a new mode (RUN) that allows execution of any program to gather information about the system and evaluate its stdout and stderr. Excellent program! Compiles and runs on just about every flavor of UNIX/Linux. Too many features to list here, so check out the Xlogmaster web site.
File Size:358648
Last Modified:Aug 16 20:02:41 1999
MD5 Checksum:b1900ebae821656fb6b7f028fab8bf10

 ///  File Name: abacus-sentry.lsm
Description:
Detailed descriptions of the PortSentry, HostSentry, and LogCheck tools included in the Abacus Project suite of Intrusion Detection tools. Abacus Project web site
File Size:23386
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:54b8d9d6eadd7f6f9195e6c9b8027646

 ///  File Name: hostsentry-0.02.tar.gz
Description:
HostSentry v0.02 is a host based intrusion detection tool that performs Login Anomaly Detection (LAD), and is the most recent addition to the Abacus Project suite of security tools. This tool allows administrators to spot strange login behavior and quickly respond to compromised accounts and unusual behavior. HostSentry incorporates a dynamic database and actually "learns" the user login behavior. This behavior is then utilized by modular signatures to detect unusual events. Specifically, HostSentry monitors system login accounting records in real-time (wtmp/utmp). These records are used to build a dynamic database of active users and run a series of signature modules during the login and logout phases. The signature modules are pluggable and easily activated or deactivated by the admin. An example wrapper is included to allow administrators to add new signatures. The current list of signatures includes:
moduleLoginLogout - Generic audit trail of all user login and logouts.
moduleFirstLogin - Alerts administrators if this user is logging in for the first time.
moduleForeignDomain - A login was detected from a domain not listed in the allowed domains file.
moduleRhostCheck - A user's .rhosts file contains a wildcard or other dangerous modification.
moduleHistoryTruncated - A user's .history file is missing, truncated to zero bytes, or symlinked (i.e. /dev/null).
moduleOddDirnames - A user's directory contains suspicious directory names on logout (" ..", "...", etc.).
moduleMultipleLogins - A single username has multiple concurrent logins from different domains.
moduleOddLoginTime - A user is logging in at an odd hour for their usage pattern (not implemented yet).
moduleInvalidUtmp - A corresponding utmp/wtmp entry for this login cannot be found (entry possibly removed) (not implemented yet).
moduleHistorySuspicious - The user's history file contains suspicious commands (not implemented yet).
moduleNetworkDaemon - The user logged out but left a listening network socket operating (private web server, IRC bot, etc.) (not implemented yet).
moduleFileExists - A file was found in the user's directory that is listed in the banned/monitored list of the site (not implemented yet).
First release.
Author:Craig H. Rowland
File Size:33983
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:3de0bbb7d456bb53683de56dfdf98362

 ///  File Name: icmp-0.9.tar.gz
Description:
IMON v0.9b is a powerful tool to monitor/analyze ICMP traffic on your LAN (includes LOKI backdoor detection).
Author:Stealth
File Size:15950
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:7c82926086a0c749ec83bf5f3e33dfb6

 ///  File Name: mon-0.38pre7.tar.gz
Description:
mon 0.38pre7 - "mon" is an extensible fault detection package which can be used to monitor network and system resources. It is most useful for system and network administrators who are responsible for maintaining the operation of networks of hundreds or possibly thousands of nodes.
Author:Jim Trocki
Changes:Changes to period behavior, trap enhancements, basedir support, and more. mon-0.38pre7.tar.gz.sign.
File Size:117141
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:663a1a9e21ec3e7b90e05fe8fde11705

 ///  File Name: mon-0.38pre7.tar.gz.sign
Description:
PGP signature for mon 0.38pre7.
File Size:344
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:a421f18650959c0c54f9dc396bf301f2

 ///  File Name: netl-1.01.tar.gz
Description:
netl v1.01 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.
Author:Graham THE Ollis
File Size:54011
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:bb85df6ef22cdc4472ce5872a7af88c8

 ///  File Name: nettest-1.0.tar.gz
Description:
nettest v1.0 is a program that monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down.
Author:Rene Chaddock
Changes:Removed dependencies on external programs. More rcfile options for various configurable settings w/ almost foolproof defaults. More efficient ping code. Minor bug fixes.
File Size:17430
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:c0705e221c389233bfd6fcc481c7e492

 ///  File Name: portsentry-0.61.tar.gz
Description:
PortSentry v0.61beta is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. There are other port scan detectors that perform similar detection of scans, but PortSentry has some unique features that may make it worth looking into:
Runs on TCP and UDP sockets to detect port scans against your system. PortSentry is configurable to run on multiple sockets at the same time so you only need to start one copy to cover dozens of tripwired services.
Stealth scan detection (Linux only right now). PortSentry will now detect SYN/half-open, FIN, NULL, X-MAS and oddball packet stealth scans. Four new stealth scan operation modes have been added to greatly increase the power of this package.
PortSentry will react to a port scan attempt by blocking the host in real-time. This is done through configured options of either dropping the local route back to the attacker, using the Linux ipfwadm command, *BSD ipfw command, and/or dropping the attacker host IP into a TCP Wrappers hosts.deny file automatically.
PortSentry has an internal state engine to remember hosts that connected previously. This allows the setting of a trigger value to prevent false alarms and detect "random" port probing.
PortSentry will report all violations to the local or remote syslog daemons indicating the system name, time of attack, attacking host IP and the TCP or UDP port a connection attempt was made to. When used in conjunction with Logcheck it will provide an alert to administrators through e-mail.
Author:Craig H. Rowland
File Size:34968
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:57bf7e0caf99188018ef1ab6131faf4b

 ///  File Name: qps-1.6.2.tar.gz
Description:
See description above.
File Size:76493
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:2ac9af439f59b480a69dac24ef2c1921

 ///  File Name: sfck.tar.gz
Description:
Sfck is a program that locates file changes on your Linux system. It keeps a database which you can put on a read-only disk to make sure no changes take place from a hacker/intruder. When a file change is detected it mails root.
Author:Vision
File Size:3027
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:059733c5a98c11ca907f0160ee6b3a74

 ///  File Name: sniffer_detector.letter.ps.gz
Description:
Whitepaper by IBM that discusses basic sniffer detector concepts. IBM Security ITS '98
File Size:116350
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:fbd6dce44c2923f311cc985c2c8a600c

 ///  File Name: ywho-1.9.tar.gz
Description:
ywho v1.9 is a who-type utility displaying not only who is logged in, but also general system information and commands run by the users. Includes a rwhod replacement with central server, allowing user information to be gathered across routers.
Author:Martin Mares
File Size:10042
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:300aa7a26c3b763947633c12c7218b1f