Section: .. / UNIX / IDS /
| /// File Name: |
ficc-1.2.tar.gz |
Description:
|
File Integrity Command & Control (FICC) helps system administrators manage multiple Tripwire installations across their network. It maintains MD5 hashes for the three key Tripwire files (the config file, executable, and TW database) for every system it monitors. It retrieves these key files from each system via SCP and compares the computed signature against the signatures in the FICC signature database. If all three signatures match the database, FICC then connects to the host via SSH and runs Tripwire.
| | Author: | Terry Ott | | Homepage: | http://www.firsttracks.net/ficc/overview.php | | Changes: | The "quick_check" option for hosts was added, allowing FICC to download only the MD5 executable for the target host. If the checksum of the remote MD5 executable is unchanged, FICC then runs the remote MD5 executable on the remaining files (the Tripwire executable, database, and config file), dramatically reducing bandwidth usage and runtime. | | File Size: | 19981 | | Last Modified: | Nov 24 14:56:11 2003 |
| MD5 Checksum: | 6fb5b94ff86b6ec9f3a03acaac29b769 |
|
| /// File Name: |
tcpstatflow_v1.1.tgz |
Description:
|
TCPStatFlow is a tool for network administrators which detects covert network tunnels running on ports which are accepted by most outbound firewalls by sniffing the network and measuring the symmetry of the data sent. HTTP / HTTPS / FTP / SMTP / POP3 protocols send much more data one direction than the other, and if a ssh server is set up on these ports, this tool will detect it by noticing that the amounts of data sent don't look like the protocol which is supposed to run on that port.
| | Author: | fryxar | | Homepage: | http://www.geocities.com/fryxar | | File Size: | 9338 | | Last Modified: | Nov 21 13:32:20 2003 |
| MD5 Checksum: | 40e65e3771f0d7e8d24e43286b1ecc0c |
|
| /// File Name: |
rkdet-0.54.tar.gz |
Description:
|
Rkdet is a small daemon intended to catch someone installing a rootkit or running a packet sniffer.
| | Author: | Andrew Daviel | | Homepage: | http://vancouver-webpages.com/rkdet/ | | Changes: | Various bug fixes. | | File Size: | 17455 | | Last Modified: | Nov 20 20:24:47 2003 |
| MD5 Checksum: | 5950c3d8a3bb585d735826e2e03fb860 |
|
| /// File Name: |
samhain-1.8.0.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | SQL logging supported, stealth mode operation, web-based console, and more. | | File Size: | 859017 | | Last Modified: | Nov 4 04:37:41 2003 |
| MD5 Checksum: | ae6a0d9eea326cdc7d3e364af5cfdffe |
|
| /// File Name: |
radmind-1.2.1.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Bug Fixes. | | File Size: | 490897 | | Last Modified: | Oct 30 14:55:30 2003 |
| MD5 Checksum: | 9c78f741a721c42573b9ba91e8cea74e |
|
| /// File Name: |
sensorTrends-0.6.tar.gz |
Description:
|
sensorTrends is a GPL web-based application that displays a high-level view of the ports that are being scanned over the course of time. The display is similar to the look and feel of Internet Storm Center (incidents.org). Supported log formats are Cisco router Access Control Lists (ACLs) syslog output, Cisco PIX firewall syslog output, Snort's portscan.log files and NetScreen syslog output, and more. Demonstration page available here.
| | Author: | John Weidley | | Homepage: | http://www.packetshack.org/index.php?page=sensorTrends | | File Size: | 17499 | | Last Modified: | Oct 30 14:00:05 2003 |
| MD5 Checksum: | e038e47abfe3838a0ae230d2465c1cf1 |
|
| /// File Name: |
libnids-1.18.tar.gz |
Description:
|
Libnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, and you have got E-component ready - you can focus on implementing other parts of NIDS.
| | Author: | Nergal | | Homepage: | http://libnids.sourceforge.net | | Changes: | Rejection of TCP packets with old timestamp, fixed memory corruption, and more. | | File Size: | 114013 | | Last Modified: | Oct 17 18:10:35 2003 |
| MD5 Checksum: | 9ee6dcdfac97bae6fe611aa27d2594a5 |
|
| /// File Name: |
radmind-1.2.0.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Pipelined lcreate, Added progress output option -v to fsdiff, f_noauth exits so client gets error, Fixed libsnet one off error, Added -R to radmind usage, mkdirs clears errno on success, Updated configure script, Added known issues section to README. | | File Size: | 490868 | | Last Modified: | Oct 17 00:57:54 2003 |
| MD5 Checksum: | ef005804d502f026d8b51dc9ff242f92 |
|
| /// File Name: |
firestorm-0.5.4.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Various bug fixes and feature enhancements. | | File Size: | 545830 | | Last Modified: | Sep 12 15:22:00 2003 |
| MD5 Checksum: | 584dc6b86b29956f66fe8a7adf39a41b |
|
| /// File Name: |
honeyd-0.6.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | This release includes faster routing lookups, asymmetric routing, GRE tunneling, plugins and configuration systems, integration of physical machines into the virtual routing topology for network simulation, performance improvements, and several bugfixes. | | File Size: | 365913 | | Last Modified: | Jun 24 02:10:02 2003 |
| MD5 Checksum: | 20cc97bee4188ccad9831292bbdb885c |
|
| /// File Name: |
widsard-0.1.tar.gz |
Description:
|
wIDSard is a host-based Intrusion Detection System for i386 Linux platform. It intercepts, at user level, system calls specified in a configuration file written by the user. A finite-state automater is used to trace the monitored process. The language used for the configuration file is regular expression based. If a particular sequence of system calls is intercepted than an appropriate action could be executed.
| | Author: | Davide Fais,Stefano Frassi,Filippo Giuntini,Luca Pugliese | | Homepage: | http://widsards.sourceforge.net/ | | File Size: | 443229 | | Last Modified: | Jun 24 01:34:40 2003 |
| MD5 Checksum: | b3b6ea301dec4bcabfdadd169e5077ff |
|
| /// File Name: |
honeyd-0.5.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes and improvements. | | File Size: | 272149 | | Last Modified: | Apr 15 04:29:12 2003 |
| MD5 Checksum: | 3aec5101f44ef21b29c213496d92c1c1 |
|
| /// File Name: |
0x333hpl.c |
Description:
|
0x333hpl.c compares pids in /proc with ps aux output.
| | Author: | nsn | | Homepage: | http://www.0x333.org | | File Size: | 1569 | | Last Modified: | Apr 1 03:16:45 2003 |
| MD5 Checksum: | 5f2a93e4bdce690ddebb8ea38d6d2320 |
|
| /// File Name: |
radmind-0.9.3.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Fixed connection accepting code, added argument checking, and various other bug fixes. | | File Size: | 238988 | | Last Modified: | Jan 27 13:41:21 2003 |
| MD5 Checksum: | a1f5f6d35263239c8e9ed78bea69ad7b |
|
| /// File Name: |
samhain-1.70.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Improved spec files, several other small fixes. | | File Size: | 754698 | | Last Modified: | Dec 24 00:32:47 2002 |
| MD5 Checksum: | 9d7db178a36cd4608219e70e9d2d1790 |
|
| /// File Name: |
radmind-0.9.2.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | User support has been added to the server with PAM, and there is a new version of libsnet. Bugs were fixed. | | File Size: | 266349 | | Last Modified: | Dec 18 12:13:05 2002 |
| MD5 Checksum: | c2ecfdba298bb324f4196ef5d063ba9c |
|
| /// File Name: |
samhain-1.6.6.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 732622 | | Last Modified: | Dec 14 00:02:06 2002 |
| MD5 Checksum: | bb8e4890ed02376f80bae297e6c01553 |
|
| /// File Name: |
samhain-1.6.4.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 731827 | | Last Modified: | Nov 13 03:03:41 2002 |
| MD5 Checksum: | e2afb4c10e3298054e7cce4da7547e32 |
|
| /// File Name: |
samhain-1.6.3.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Fixes for Solaris, Sun, and Freebsd. Fixed some stuff in the install script. | | File Size: | 730433 | | Last Modified: | Nov 2 22:32:01 2002 |
| MD5 Checksum: | 0326aab5eddf554c74fe8e4a56912755 |
|
| /// File Name: |
logwatch-4.2.1.tar.gz |
Description:
|
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
| | Homepage: | http://www.logwatch.org | | Changes: | Fixed bugs. | | File Size: | 55071 | | Last Modified: | Oct 30 03:22:44 2002 |
| MD5 Checksum: | b0ba7785397a29a94715e9710b13340d |
|
| /// File Name: |
logwatch-4.1.tar.gz |
Description:
|
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
| | Homepage: | http://www.logwatch.org | | Changes: | Fixed race conditions. | | File Size: | 54246 | | Last Modified: | Oct 22 02:36:11 2002 |
| MD5 Checksum: | b6f474c48160bb00c84f2a0d4081efe7 |
|
| /// File Name: |
beltane-0.3.tar.gz |
Description:
|
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
| | Homepage: | http://la-samhna.de/beltane | | File Size: | 161912 | | Last Modified: | Oct 11 03:11:09 2002 |
| MD5 Checksum: | c41eb1621a0780a7e93d36fbd908e633 |
|
| /// File Name: |
samhain-1.6.2.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Now includes a target to build RPM's, fixed samhain.startRedHat, fixed some bugs, allowed scheduler to accept multiple schedules. | | File Size: | 719964 | | Last Modified: | Oct 4 10:01:33 2002 |
| MD5 Checksum: | 6f8df843d8843661d323354392c7d1b9 |
|
| /// File Name: |
pmids-1.6.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | A GPG bug and grabbing of md5 sigs from the website have been repaired. | | File Size: | 15177 | | Last Modified: | Oct 1 00:28:27 2002 |
| MD5 Checksum: | fccdd4b8ac766c1fe16c97e4125afb0f |
|
| /// File Name: |
prelude-manager-0.8.6.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Fixed a communication problem on Linux kernel 2.2.x due to the non-standards-compliant poll(). | | File Size: | 410240 | | Last Modified: | Sep 24 02:17:31 2002 |
| MD5 Checksum: | 8f40152b9c7bffee6dec2d4ee8539be6 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
