Section: .. / UNIX / IDS /
| /// File Name: |
spong.tar.gz |
Description:
|
System monitoring package coded in perl. Monitors clients, networks, host groups, and displays info via web interface.
| | File Size: | 54819 | | Last Modified: | Aug 16 20:02:17 1999 |
| MD5 Checksum: | 5d0505a407855c02859e7313b755e83b |
|
| /// File Name: |
logwatch-4.1.tar.gz |
Description:
|
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
| | Homepage: | http://www.logwatch.org | | Changes: | Fixed race conditions. | | File Size: | 54246 | | Last Modified: | Oct 22 02:36:11 2002 |
| MD5 Checksum: | b6f474c48160bb00c84f2a0d4081efe7 |
|
| /// File Name: |
netl-1.01.tar.gz |
Description:
|
netl v1.01 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.
| | Author: | Graham THE Ollis. | | File Size: | 54011 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | bb85df6ef22cdc4472ce5872a7af88c8 |
|
| /// File Name: |
logwatch-3.3.tar.gz |
Description:
|
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
| | Homepage: | http://www.logwatch.org | | Changes: | Fixed the iptables and sendmail parsing routines. Some Solaris compatibility changes were made. An arpwatch filter was added. | | File Size: | 53647 | | Last Modified: | Jul 4 04:48:31 2002 |
| MD5 Checksum: | c559a05283e575531845b44f8787bf2d |
|
| /// File Name: |
mwcollect-3.0.0.tar.bz2 |
Description:
|
mwcollect is an easy solution to collect worms and other autonomous spreading malware in a non-native environment like Linux.
| | Author: | Honeynet Project | | Homepage: | http://www.mwcollect.org/ | | Changes: | First v3 core based version that catches a whole bunch of malware. | | File Size: | 53294 | | Last Modified: | Nov 1 00:34:28 2005 |
| MD5 Checksum: | e36833c7f9da5e485c235eb9de266444 |
|
| /// File Name: |
wipl-990104.src.tar.gz |
Description:
|
wipl v990104 - The wipl program package is able to make statistics about which network cards transfer how much on a LAN segment or through certain routers or servers. The program package contains a daemon program which collects and processes the information for network monitoring and realtime statistics.
| | Author: | Christian Worm Mortensen. | | File Size: | 52593 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | c488800ffe2c4661034a30f2656f3e05 |
|
| /// File Name: |
netl-1.00.tar.gz |
Description:
|
Network logger/sniffer suitable for TCP/IP over Ethernet and loopback. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.
| | File Size: | 52427 | | Last Modified: | Aug 16 20:02:25 1999 |
| MD5 Checksum: | d2fedfcdac3ab440b15f764cc8b983e5 |
|
| /// File Name: |
rdC-sf.1.0.tgz |
Description:
|
SF (securefiles) is a local intrusion detection system (IDS) which gets the hashes for the specified files and creates a database which is then encrypted with AES. The executable checks itself, and a phrase (selected at installation) is displayed every time the program runs successfully.
| | Author: | Venomous | | Homepage: | http://www.rdcrew.com.ar | | File Size: | 51718 | | Last Modified: | May 30 16:24:48 2001 |
| MD5 Checksum: | e0f5bf109f1be32e108aa722ff74d60d |
|
| /// File Name: |
nabou-2.0.tar.gz |
Description:
|
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
| | Author: | Thomas Linden | | Homepage: | http://www.nabou.org | | Changes: | Fixed some major bugs. | | File Size: | 51477 | | Last Modified: | Feb 19 02:47:35 2002 |
| MD5 Checksum: | 0c60cccfe62bccc9121edfdcd307f2ed |
|
| /// File Name: |
sid-0.3.7.tar.gz |
Description:
|
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
| | Author: | belpo | | Homepage: | http://sid.sourceforge.net | | Changes: | Various updates. | | File Size: | 49564 | | Last Modified: | Aug 9 23:30:41 2004 |
| MD5 Checksum: | c9a3a9d58f24491cd8e8dd674a575eb3 |
|
| /// File Name: |
sid-0.3.10.tar.gz |
Description:
|
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
| | Author: | belpo | | Homepage: | http://sid.sourceforge.net | | Changes: | Various updates. | | File Size: | 49491 | | Last Modified: | Sep 21 04:16:43 2004 |
| MD5 Checksum: | 21f8d67b76623b7587ec469d2a3d141d |
|
| /// File Name: |
mod_protection-0.0.2.tar.gz |
Description:
|
Mod_protection is an Apache module that integrates the basic functions of an IDS (intrusion detection system) and of a firewall (just an emulation for now). Your Apache administrator only has to install mod_protection and define rules. A normal NIDS can't check SSL-protected traffic, whereas mod_protection can. When a malicious client sends a request that matches your rules, the administrator is warned and the client gets a user-defined page, an error, or a warning.
| | Author: | Yaroze | | Homepage: | http://www.twlc.net | | Changes: | Three new directives - BlockTime, PairAlert, and PairAlertMatch. Blocktime does firewall emulation. Updated docs. Rules are now in an external file. | | File Size: | 46164 | | Last Modified: | Mar 20 01:58:54 2002 |
| MD5 Checksum: | 021f1fcdf44ec86204c47ee92eca0a2b |
|
| /// File Name: |
traffic-vis-0.34.tar.gz |
Description:
|
See description above.
| | File Size: | 45918 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | cc37484bbb537dd80d52d05961bd5624 |
|
| /// File Name: |
portsentry-1.1.tar.gz |
Description:
|
PortSentry is a program designed to detect and respond to port scans against a target host in real time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time alerting, blocking, and reporting of violations.
| | Author: | Craig Rowland | | Homepage: | http://www.psionic.com/abacus/portsentry/ | | Changes: | Added netmask ignoring support, a toggle for DNS lookups, and can prioritize response/external commands. The Linux 2.4 CPU usage bug has been fixed. | | File Size: | 45871 | | Last Modified: | Jul 17 16:40:36 2001 |
| MD5 Checksum: | 782839446b7eca554bb1880ef0882670 |
|
| /// File Name: |
swatch-2.2.tar.gz |
Description:
|
Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files, filters out unwanted data, and takes one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
| | Author: | Todd Atkins | | Homepage: | http://www.stanford.edu/~atkins/swatch/ | | Changes: | Fixed a big bug involving key value assignment when throttling. | | File Size: | 44862 | | Last Modified: | Aug 16 20:02:15 1999 |
| MD5 Checksum: | 0d787edd73d358eefcf9e7a601fb7cb7 |
|
| /// File Name: |
traffic-vis-0.32.tar.gz |
Description:
|
See description above.
| | File Size: | 44663 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | aef963ed47a5fb803dcf64a5ddcca87d |
|
| /// File Name: |
traffic-vis-0.31.tar.gz |
Description:
|
traffic-vis-0.31.tar.gz
| | File Size: | 44256 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | b2f08d0c0bc2a3009e598e5fa190cbd0 |
|
| /// File Name: |
sherpa-0.1.4.tar.gz |
Description:
|
sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.
| | Author: | Rick Crelia. | | Homepage: | http://sherpa.lavamonkeys.com/ | | Changes: | Sherpa now checks for shadow passwords, parses inetd.conf to look for use of tcp_wrappers, and verifies perms.lst for RedHat 6.1. | | File Size: | 44170 | | Last Modified: | Feb 3 16:25:20 2000 |
| MD5 Checksum: | 333b6e7a425c99017bcbd4ce6c229504 |
|
| /// File Name: |
sxid_4.0.0.tar.gz |
Description:
|
sXid 4.0.0 - sXid is an all-in-one suid/sgid monitoring program designed to be run from cron on a regular basis. It tracks any changes in your s[ug]id files and folders. If there are new ones, ones that are no longer set, or ones whose bits or other modes have changed, it reports the changes in an easy-to-read format via email or on the command line.
| | Author: | Ben Collins. | | Changes: | numerous - see the changelog file. | | File Size: | 43714 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | f6a48e33024abc347df8606cc45fdd24 |
|
| /// File Name: |
ICU-0.3.tar.gz |
Description:
|
ICU (Integrity Checking Utility) is a PERL program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
| | Homepage: | http://nitzer.dhs.org/ICU/ICU.html | | Changes: | Bug fixes and new features. | | File Size: | 43464 | | Last Modified: | Feb 4 22:12:45 2001 |
| MD5 Checksum: | 1bffbcb530e6a5967763d9c91faa5c28 |
|
| /// File Name: |
sxid_3.2.5.tar.gz |
Description:
|
sXid 3.2.5 - sXid is an all-in-one suid/sgid monitoring program designed to be run from cron on a regular basis. It tracks any changes in your s[ug]id files and folders. If there are new ones, ones that are no longer set, or ones whose bits or other modes have changed, it reports the changes in an easy-to-read format via email or on the command line.
| | Author: | Ben Collins. | | Changes: | added option to specify other than the default mail program, patch to make use of TMPDIR if set. | | File Size: | 43378 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | 8a573d8916efa87a40be6854fc763189 |
|
| /// File Name: |
sherpa-0.1.3.tar.gz |
Description:
|
sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.
| | Author: | Rick Crelia. | | Homepage: | http://sherpa.lavamonkeys.com/ | | File Size: | 43362 | | Last Modified: | Oct 20 15:21:54 1999 |
| MD5 Checksum: | 8bbb31cc9de6a094556aef48cb9d2410 |
|
| /// File Name: |
sxid_3.2.4.tar.gz |
Description:
|
sXid 3.2.4 - sXid is an all-in-one suid/sgid monitoring program designed to be run from cron on a regular basis. It tracks any changes in your s[ug]id files and folders. If there are new ones, ones that are no longer set, or ones whose bits or other modes have changed, it reports the changes in an easy-to-read format via email or on the command line.
| | Author: | Ben Collins. | | Changes: | Minor bugfixes and a new IGNORE_DIRS option. | | File Size: | 43354 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | 97e3eeed57749e91262b1a49563be456 |
|
| /// File Name: |
sid-0.3.5.tar.gz |
Description:
|
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
| | Author: | belpo | | Homepage: | http://sid.sourceforge.net | | Changes: | Various updates. | | File Size: | 43346 | | Last Modified: | Jun 7 23:44:57 2004 |
| MD5 Checksum: | 40ede1091f7a36800078a85259ff3a1b |
|
| /// File Name: |
whowatch-1.4.tar.gz |
Description:
|
Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ascii graphics.
| | Author: | Michal Suszycki | | Homepage: | http://wizard.ae.krakow.pl/~mike/ | | Changes: | Average load information and new keys for navigation were added, in addition to OpenBSD and FreeBSD support. Also bug fixes and major code optimization changes. | | File Size: | 43084 | | Last Modified: | Jun 13 16:44:23 2000 |
| MD5 Checksum: | 0870155e8b75b99f9954e76fb20f9528 |
|