Section: .. / UNIX / IDS /
| File Name: | pakemon-0.3.0b4-2.tar.gz |
| Description: | pakemon has been developed to share IDS components based on the open source model. The current version of pakemon monitors all traffic on a network, searches for given data patterns in the traffic, and outputs session logs and summary logs of matched traffic. |
| Homepage: | http://www.sfc.keio.ac.jp/~keiji/ids/pakemon |
| File Size: | 108519 |
| Last Modified: | Oct 29 01:52:56 2000 |
| MD5 Checksum: | 3e99f29f9e8c6084bde9857991b4a1a6 |

| File Name: | check-ps-1.3.1.tar.gz |
| Description: | Check-ps is a simple program that runs ps and compares its output with its own process list. It currently requires /proc, but other scanning methods can be implemented. The program will run in the background or in one-shot mode. Check-ps has grown somewhat in order to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods. |
| Author: | Duncan Simpson |
| Homepage: | http://checkps.alcom.co.uk |
| Changes: | Better reporting, bug fixes, more resistant to attack. |
| File Size: | 131476 |
| Last Modified: | Oct 21 04:40:18 2000 |
| MD5 Checksum: | 229ea770193b6247a854097ab1dfed00 |

| File Name: | shoki-0.08.2.tar.gz |
| Description: | Shoki is a collection of IDS tools, scripts, and so forth. All the bits together can collect data from sensors, schlep it to a central location for storage, run signature-based and statistical analysis on the data, and load the data into a SQL database. Shoki provides a framework for a distributed system for network traffic analysis among untrusted peers. |
| Homepage: | http://www.meshuggeneh.net/shoki |
| File Size: | 149000 |
| Last Modified: | Oct 21 04:26:57 2000 |
| MD5 Checksum: | 20d43922b0415cedf1de6af12fbbeca6 |

| File Name: | openports-0.2.tar.gz |
| Description: | OpenPorts is a simple script which can be run as a cron job every 5 minutes, checking the open and listening ports on the local system with netstat. If there is a difference since the last time it was run, an e-mail is sent to the system administrator containing the list of new open ports. |
| Author: | Sven Darkman Michaels |
| Changes: | Better log analysis, and printing of only the changes. |
| File Size: | 2263 |
| Last Modified: | Oct 15 18:38:15 2000 |
| MD5 Checksum: | 76384d12f67d37cb17e9d0088d2ee771 |

| File Name: | Adwids0.8b1 |
| Description: | The Defense Worx Network Intrusion Detection System is a Linux-based IDS which performs high-speed traffic analysis of network packets to detect unauthorized traffic in real time. Includes a Java-based console to display alerts. |
| Author: | Defense Worx |
| Homepage: | http://www.defenseworx.com |
| Changes: | Now decodes DNS, has open source signatures, detects port scans and sweeps, and contains performance improvements. |
| File Size: | 169589 |
| Last Modified: | Oct 6 23:48:19 2000 |
| MD5 Checksum: | b5637a5fdc8808d57379b5083ffb6e85 |

| File Name: | claymore.tar.gz |
| Description: | Claymore v0.3 is an intrusion detection and integrity monitoring system. To accomplish its task, it runs from cron, reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, it should provide an infallible record against remotely installed Trojan horses. |
| Author: | Sam Carter |
| Homepage: | http://linux.rice.edu/magic/claymore/ |
| Changes: | This release adds ownership/permission tracking and switches to Digest::MD5 instead of md5sum. |
| File Size: | 6239 |
| Last Modified: | Oct 3 17:38:28 2000 |
| MD5 Checksum: | 1288658c2152454fa372ceffd319d9fe |

| File Name: | nabou-1.5.tar.gz |
| Description: | nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases. |
| Author: | Thomas Linden |
| Homepage: | http://www.0x49.org/nabou/ |
| Changes: | This release includes many bugfixes, database encryption support, process monitoring capabilities, and some more output options. |
| File Size: | 34553 |
| Last Modified: | Sep 12 17:58:40 2000 |
| MD5 Checksum: | c84b8d6df7348aec42e97cdb36ace23a |

| File Name: | fileutils-4.0-lm.tar.gz |
| Description: | Landmine Fileutils is a modified fileutils package for Linux which logs the arguments used for execution to syslog. Includes patched copies of chmod, chgrp, chown, cp, dir, ln, ls, mkdir, mv, rm, rmdir, and touch. |
| Author: | Sean Trifero |
| Homepage: | http://www.innu.org/~sean |
| File Size: | 1175398 |
| Last Modified: | Sep 5 21:58:42 2000 |
| MD5 Checksum: | f21184a3e76e3758813651b77d1c092e |

| File Name: | sf-0.1b.tgz |
| Description: | Secure Files 0.1b is a security tool that checks system integrity by comparing the MD5 checksums of flagged files against their earlier recorded checksums. |
| Author: | vENOMOUS |
| Homepage: | http://www.rdcrew.com.ar |
| File Size: | 3645 |
| Last Modified: | Aug 28 22:19:23 2000 |
| MD5 Checksum: | cae75ec5225047150b2055ad309208b8 |

| File Name: | nabou-1.4.tar.gz |
| Description: | nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases. |
| Author: | Thomas Linden |
| Homepage: | http://www.0x49.org/nabou/ |
| Changes: | Many bugs were fixed. Some new command-line flags were added: --quiet (report only changes) and --update (update a database record for a file). It can now check the disk usage of a directory, and you can now define your own checks using inline Perl scriptlets. |
| File Size: | 20235 |
| Last Modified: | Aug 16 23:21:52 2000 |
| MD5 Checksum: | c7d6f2938e846c94ae4796a2d37467be |

| File Name: | nabou-1.2.tar.gz |
| Description: | nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases. |
| Author: | Thomas Linden |
| Homepage: | http://www.0x49.org/nabou/ |
| File Size: | 12991 |
| Last Modified: | Aug 7 14:58:59 2000 |
| MD5 Checksum: | 98aac6f969c6ffe61a5e4618e2a644a4 |

| File Name: | libnids-1.14.tar.gz |
| Description: | Libnids is a library that provides the functionality of one of the NIDS (Network Intrusion Detection System) components, namely the E-component. This means that the libnids code watches all local network traffic, cooks the received datagrams a bit (quite a bit ;)), and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you don't have to build the low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS. |
| Author: | Nergal |
| Homepage: | http://www.packetfactory.net/Projects/libnids |
| Changes: | Added support to capture packets on all interfaces, including loopback, added ability to refrain from setting the promisc flag, added ability to disable TCP processing, libc5 support, Alpha platform support, and bug fixes. |
| File Size: | 67678 |
| Last Modified: | Jul 11 20:13:18 2000 |
| MD5 Checksum: | fee6fd45b55ab67cd599b066710ce1bc |

| File Name: | sploitmon.pl |
| Description: | sploitmon.pl is a simple yet sophisticated Perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi. |
| Author: | Bansh33 |
| Homepage: | http://www.r00tabega.com |
| File Size: | 1902 |
| Last Modified: | Jun 29 11:29:47 2000 |
| MD5 Checksum: | aa2fb5d66590141e34932b7013cb78d9 |

| File Name: | whowatch-1.4.tar.gz |
| Description: | Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (i.e. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Uses ncurses ASCII graphics. |
| Author: | Michal Suszycki |
| Homepage: | http://wizard.ae.krakow.pl/~mike/ |
| Changes: | Average load information and new keys for navigation were added, in addition to OpenBSD and FreeBSD support. Also bug fixes and major code optimization changes. |
| File Size: | 43084 |
| Last Modified: | Jun 13 16:44:23 2000 |
| MD5 Checksum: | 0870155e8b75b99f9954e76fb20f9528 |

| File Name: | audit.tgz |
| Description: | Audit is a script which will record any changes to files on your machine by generating a checksum for each file in the directories scanned. It was built with simplicity and ease of use in mind, comes with a GUI, and has a reasonable set of defaults in place out of the box. |
| Author: | Digs |
| Homepage: | http://console-newsletter.hypermart.net/audit/index.htm |
| File Size: | 89914 |
| Last Modified: | Jun 6 18:33:41 2000 |
| MD5 Checksum: | cb9ce619c78cdbfd3589fa613576a7d0 |

| File Name: | passfing.tar.gz |
| Description: | A Perl script that passively fingerprints operating systems based on signatures. |
| Author: | Craig Smith |
| File Size: | 9861 |
| Last Modified: | May 16 17:25:04 2000 |
| MD5 Checksum: | 6021a9992e1d522783d586f3b60780f5 |

| File Name: | aide-0.7.tar.gz |
| Description: | AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with. |
| Author: | Rami Lehti |
| Homepage: | http://www.cs.tut.fi/~rammer/aide.html |
| Changes: | Bug fixes, support for a compressed database using zlib, and updated Mhash support along with linkname checking. |
| File Size: | 219837 |
| Last Modified: | May 9 18:52:22 2000 |
| MD5 Checksum: | 0b2ed9eb3b608a19418800b87f5be848 |

| File Name: | trappa.tar.gz |
| Description: | Trappa detects a CGI scan and sends an alert message to syslog with the attacker's IP address and web browser. Works by installing decoy CGI scripts in the cgi-bin directory. |
| Author: | Narrow |
| Homepage: | http://www.b0f.com |
| File Size: | 1620 |
| Last Modified: | May 7 18:26:54 2000 |
| MD5 Checksum: | 363448532830a960dc354287a21ad11f |

| File Name: | secureworx0_7-B1.sh |
| Description: | Secure Worx (TM) Network Intrusion Detection System. The intrusion detection system is a network-based system that performs high-speed traffic analysis of the content and context of network packets to detect unauthorized traffic in real time. It has inexpensive hardware and OS requirements: it runs on an Intel Pentium-class compatible processor with a 10/100 Ethernet card, running the Linux OS with kernel 2.2 or above and a configured TCP/IP stack. The installation process involves running an installation script that asks a few simple questions. It is then a simple matter of starting the software, and your network is searched for anomalous activity. |
| Author: | Secure Worx |
| Homepage: | http://secureworx.homestead.com |
| File Size: | 107122 |
| Last Modified: | May 2 19:35:35 2000 |
| MD5 Checksum: | a4743d99fc1ca09beb0fcf86ef7f7579 |

| File Name: | FCheck_2.07.51.tar.gz |
| Description: | FCHECK is a very stable Perl script written to generate a baseline of a UNIX system, comparatively monitor the system against that baseline for any file alterations, and report them through syslog, the console, or any log monitoring interface. Monitoring can be done in as little as one-minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely available, open-source alternative to 'tripwire' that is time tested and easier to configure and use. |
| Author: | Mike Gumienny |
| Homepage: | http://sites.netscape.net/fcheck/fcheck.html |
| Changes: | Fix for the configuration file trailing-space bug (fixed security hole), major bug fixes. |
| File Size: | 25612 |
| Last Modified: | Apr 11 18:13:21 2000 |
| MD5 Checksum: | 5e475dbaa313aa77d94bc4756ace47c5 |

| File Name: | seclogv03.tar.gz |
| Description: | Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information and notify you via email. |
| Author: | Dilusi0n |
| Homepage: | http://www.gotr00t.com/~dilusi0n/ |
| Changes: | Major rewrite, all system calls have been removed, works much faster now, more secure, saves backups of the reports/mails it creates. |
| File Size: | 1975 |
| Last Modified: | Apr 3 20:02:57 2000 |
| MD5 Checksum: | 6ef5106814689b8a023946eaa3002edb |

| File Name: | seclog |
| Description: | Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information and notify you via email. |
| Author: | Dilusi0n |
| Homepage: | http://www.gotr00t.com/~dilusi0n/ |
| File Size: | 3391 |
| Last Modified: | Mar 23 16:03:00 2000 |
| MD5 Checksum: | 478b20c9c35d7911278969dcfdac5aae |

| File Name: | stjude-0.4.tgz |
| Description: | StJude is an attempt to monitor the flow of privilege in my Solaris boxes. It tries to detect privilege violations or improper transitions (i.e. stack smashing, or other local root exploits) by watching audit trails. |
| Author: | Tim Lawless |
| File Size: | 6277 |
| Last Modified: | Mar 6 15:47:53 2000 |
| MD5 Checksum: | b416a0164c195804d20a79668d919373 |

| File Name: | slipwire-1.4.tar.gz |
| Description: | slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user to any changes. slipwire also records extensive file information such as inode number, last-modified date, file size, uid, gid, etc., and can also report changes in any of these. |
| Author: | James Quinby |
| Homepage: | http://packet.node.to/ |
| Changes: | The SHA hash of the file database is returned when the database is created, quiet output by default, MD5 checksums are in the README. |
| File Size: | 5010 |
| Last Modified: | Mar 2 23:39:05 2000 |
| MD5 Checksum: | 965d2d8171e3843a53c78095269ad3ca |