Section: .. / UNIX / IDS /
| /// File Name: |
seclogv03.tar.gz |
Description:
|
Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information and notify you via email.
| | Author: | Dilusi0n | | Homepage: | http://www.gotr00t.com/~dilusi0n/ | | Changes: | Major rewrite, all system calls have been removed, works much faster now, more secure, saves backups of the reports/mails it creates. | | File Size: | 1975 | | Last Modified: | Apr 3 20:02:57 2000 |
| MD5 Checksum: | 6ef5106814689b8a023946eaa3002edb |
|
| /// File Name: |
seclog |
Description:
|
Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information, and notify you via email.
| | Author: | Dilusi0n | | Homepage: | http://www.gotr00t.com/~dilusi0n/ | | File Size: | 3391 | | Last Modified: | Mar 23 16:03:00 2000 |
| MD5 Checksum: | 478b20c9c35d7911278969dcfdac5aae |
|
| /// File Name: |
stjude-0.4.tgz |
Description:
|
StJude is an attempt to monitor the flow of privilege in my Solaris boxes. It tries to detect privilege violations or improper transitions (ie stack smashing, or other local root exploits) by watching audit trails.
| | Author: | Tim Lawless | | File Size: | 6277 | | Last Modified: | Mar 6 15:47:53 2000 |
| MD5 Checksum: | b416a0164c195804d20a79668d919373 |
|
| /// File Name: |
slipwire-1.4.tar.gz |
Description:
|
slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, filesize, uid, gid, etc, and can also report changes in any of these.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | SHA hash of file database is returned when database is created, Quiet output by default, md5's are in the readme. | | File Size: | 5010 | | Last Modified: | Mar 2 23:39:05 2000 |
| MD5 Checksum: | 965d2d8171e3843a53c78095269ad3ca |
|
| /// File Name: |
whowatch-1.3.1.tar.gz |
Description:
|
Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ascii graphics.
| | Author: | Michal Suszycki | | Homepage: | http://wizard.ae.krakow.pl/~mike/ | | Changes: | Man page update, rpm package available, small bug fixes. | | File Size: | 19103 | | Last Modified: | Feb 29 04:19:38 2000 |
| MD5 Checksum: | 40ecee9cf96ea635b78972d8dde8863e |
|
| /// File Name: |
slipwire.1-3.tar.gz |
Description:
|
slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, filesize, uid, gid, etc, and can also report changes in any of these.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | Extension of information gathered on indexed files, comparisons made to inode, last-modified, etc in addition to SHA signatures, tightening up of the Perl code, and elimination of calls to the shell. | | File Size: | 4621 | | Last Modified: | Feb 23 03:05:28 2000 |
| MD5 Checksum: | 70d3ac7d70df7d733027a2b36bd2f772 |
|
| /// File Name: |
Gbs.c |
Description:
|
Grazer1's Bait System opens a specific port and logs connections to it. Simple and ghetto way to log Netbus requests.
| | Author: | W. ter Maat | | File Size: | 2599 | | Last Modified: | Feb 22 18:40:58 2000 |
| MD5 Checksum: | eb7bffeff5bf8f893bbeb14cdb2f2649 |
|
| /// File Name: |
viperdb_v0.9.1.pl.txt |
Description:
|
ViperDB was created as a smaller and faster option to Tripwire. ViperDB does not use a fancy all-in-one database to keep records. Instead it uses a plaintext db which is stored in each "watched" directory. By using this there is no real one attack point for an attacker to focus his attention on. This coupled with the running of ViperDB every 5 minutes (via cron root job) decreases that likelihood that an attacker will be able to modify your "watched" filesystem while ViperDB is monitoring your system.
| | Author: | J-Dog | | Homepage: | http://www.resentment.org/projects/viperdb/ | | Changes: | Ignore file functionality which allows user to specify files to ignore added. Updated code works better on solaris, updated ls options to lAcr for solaris instead of standard laAs. Splitting permissions code cleaned out into owner, group, all perms. | | File Size: | 12573 | | Last Modified: | Feb 22 18:40:58 2000 |
| MD5 Checksum: | 3018ff63bf0aa467d1e34769ab332416 |
|
| /// File Name: |
slipwire |
Description:
|
slipwire.pl v1.1 is the first iteration of a filesystem integrity checker. It compares the MD5 hashes of files to an initial state and alerts the user of any changes.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | The dependency on the md5 command has been removed by using the Digest:: modules for Perl, and SHA-1 hashes are now used instead of MD5. | | File Size: | 5025 | | Last Modified: | Feb 18 15:31:30 2000 |
| MD5 Checksum: | d32f3caea448249e2c4d223c90af5db7 |
|
| /// File Name: |
slipwire.1-2.tar.gz |
Description:
|
slipwire.pl is a simple filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | A fix for a bug in the iteration count when comparing files to hashes, a quick reader script for dumping the contents of the DBM file, an example file list, and a tidied-up README. | | File Size: | 3374 | | Last Modified: | Feb 18 15:31:17 2000 |
| MD5 Checksum: | cdfb0e35ca41c8dce84498b0c20842be |
|
| /// File Name: |
md5-tool.tgz |
Description:
|
If you have an md5 checksumming utility on your system, you can use these scripts for a "poor man's tripwire". These do several quick checks for archiving and security purposes.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 4738 | | Last Modified: | Feb 17 14:19:59 2000 |
| MD5 Checksum: | 41f0416f00dfa37b2e904ad115bee208 |
|
| /// File Name: |
watchfile-1.0.tgz |
Description:
|
Watchfile will display a list of specified files on the screen, and continually update their stats. The stats displayed (i.e. file size, modified time, owner, etc.) can be configured on the command-line along with the update frequency.
| | Author: | Nick 'Zaf' Clifford | | Homepage: | http://www.nrc.co.nz/Zaf/apps/ | | Changes: | Finally out of beta. The ability to change the order of columns displayed has been added. Many bugs fixed. | | File Size: | 11461 | | Last Modified: | Feb 8 20:39:41 2000 |
| MD5 Checksum: | 0c4cdaad12fb03e23340849e170ebe19 |
|
| /// File Name: |
aide-0.6.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | A lot of bug fixes. MD-sums were again broken; please update. | | File Size: | 212475 | | Last Modified: | Feb 8 13:55:35 2000 |
| MD5 Checksum: | 3697a80834816c022756acdbb4c8ec21 |
|
| /// File Name: |
sherpa-0.1.4.tar.gz |
Description:
|
sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.
| | Author: | Rick Crelia | | Homepage: | http://sherpa.lavamonkeys.com/ | | Changes: | Sherpa now checks for shadow passwords, parses inetd.conf to look for use of tcp_wrappers, and verifies perms.lst for RedHat 6.1. | | File Size: | 44170 | | Last Modified: | Feb 3 16:25:20 2000 |
| MD5 Checksum: | 333b6e7a425c99017bcbd4ce6c229504 |
|
| /// File Name: |
libnids-1.13.tar.gz |
Description:
|
Libnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convinient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you don't have to build low-level network code. If you decide to use libnids, you have got E-component ready - you can focus on implementing other parts of NIDS.
| | Author: | Nergal | | Homepage: | http://www.packetfactory.net/Projects/Libnids/ | | Changes: | GNU autoconf support, code cleanup and new libnids(3) manpage, pcap_filter field in nids_params, bugfix in ip_check_ext(), Solaris support. | | File Size: | 62959 | | Last Modified: | Jan 28 17:59:37 2000 |
| MD5 Checksum: | 801b12ad1bce956af1d2e03b4d70f851 |
|
| /// File Name: |
swatch-3.0b4.tar.gz |
Description:
|
Swatch ("Simple WATCHdog") is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
| | Author: | Todd Atkins | | Homepage: | ftp://ftp.stanford.edu/general/security-tools/swatch/ | | Changes: | Fixed the examine switch, added continue and quit actions, Fixed parsing of "throttle" setting, bug fixes. | | File Size: | 20824 | | Last Modified: | Jan 26 16:10:36 2000 |
| MD5 Checksum: | 6c386d64a543841b69122afbc2144345 |
|
| /// File Name: |
sentinel-1.2.0.tar.gz |
Description:
|
Sentinel is a fast file/drive scanning utility similar to the Tripwire and Viper.pl utilities available. It uses a database similar to Tripwire, but uses a RIPEMD-160bit MAC checksumming algorithm (no patents) which is more secure than the patented MD5 128 bit checksum. It should run on most unixes (tested on redhat linux v6.0 & v5.2, slackware linux v3.x & 4.xb and IRIX (v5.2 and v6.x). Several other utilities which are used for Sentinel development are also posted here. Most utilities are included with the sentinel tarball. gSentinel is a graphical front-end to sentinel. Newbies should download gSentinel as it comes with a very simple rpm based installation and offers a friendly interface. Beware that gSentinel is currently under development and may be fairly crude compared to most GUI packages.
| | Homepage: | http://zurk.netpedia.net/zfile.html | | File Size: | 395168 | | Last Modified: | Jan 24 19:55:33 2000 |
| MD5 Checksum: | 6c7adcd611c90494db94c4e3f9b579cc |
|
| /// File Name: |
triplight.tar.gz |
Description:
|
Triplight 0.01 - Triplight is an intrusion detection, and integrity monitor system. It is a simpler version of tripwire, developed in perl. This release is rather unpolished (you need to hack up a crontab file, and to set a file path in the perl source), but fully functional. To accomplish it's design goals, it reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, then it should provide an infallible record against remotely installed trojan horses. Thus by monitoring the integrity of the system, triplight will serve as an aid in intrusion detection.
| | Author: | Snupe | | Homepage: | http://linux.rice.edu/magic/triplight | | File Size: | 2993 | | Last Modified: | Jan 21 19:52:19 2000 |
| MD5 Checksum: | 65c3eabda7b87a4648e9fc73dd4c62df |
|
| /// File Name: |
watchfile-0.9.tgz |
Description:
|
Watchfile will display a list of specified files on the screen, and continually update their stats. The stats displayed (i.e. file size, modified time, owner, etc.) can be configured on the command-line along with the update frequency.
| | Author: | Nick 'Zaf' Clifford | | Homepage: | http://www.nrc.co.nz/Zaf/apps/ | | File Size: | 10746 | | Last Modified: | Jan 11 17:50:37 2000 |
| MD5 Checksum: | 54465d5aa319edcf88a3e7d0eed07beb |
|
| /// File Name: |
checksums-1.0.tar.gz |
Description:
|
Checksums takes a file of predetermined MD5 checksums and compares with the current sum. It can be installed as a command line tool, or as a CGI which will allow you to upload the sums file remotely. In either case it is a useful tool to detect changes in your system files, such as a trojan.
| | Author: | Mike | | File Size: | 2865 | | Last Modified: | Jan 10 15:15:12 2000 |
| MD5 Checksum: | 0510644d9d3ff548bfd58f9c0ef75b13 |
|
| /// File Name: |
filetraq-0.2.tgz |
Description:
|
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
| | Author: | Jeremy Weatherford | | Homepage: | http://filetraq.xidus.net | | Changes: | Comment lines are now permitted in the config file, wildcard matches are now possible, and entire directories can be checked. | | File Size: | 10659 | | Last Modified: | Jan 4 03:50:01 2000 |
| MD5 Checksum: | 91ea3b7350d795e2ad6e9d6da0954bc7 |
|
| /// File Name: |
aide-0.5.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | MD5 sums are now correct. Users must update their databases; they have false sums. With hash library support, you can have many more hash algorithms, and many bugfixes have been made. Note that the author's PGP keys have changed. | | File Size: | 192346 | | Last Modified: | Jan 2 14:27:58 2000 |
| MD5 Checksum: | 4615593338a1d860459f44a55b484dba |
|
| /// File Name: |
filetraq-0.1.tgz |
Description:
|
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
| | Author: | Jeremy Weatherford | | Homepage: | http://filetraq.xidus.net | | File Size: | 9985 | | Last Modified: | Jan 2 14:06:59 2000 |
| MD5 Checksum: | 80f29eda6ce691762a12d222dbd742d8 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
