Section: .. / UNIX / IDS /
/// File Name: attackwatch-0.0.1.tgz
Description: Attackwatch is intended to enhance the security of small private networks that are already protected by a restrictively configured firewall but still have a few ports open. It analyzes the firewall's log output in near real time and runs scripts in response to the incoming packets that were logged.
File Size: 8587
Last Modified: Apr 22 14:32:02 2001
MD5 Checksum: ec92a6f2524a4b294d6cf9f451278d66

/// File Name: check-ps-1.3.2.tar.gz
Description: Check-ps is a program designed to detect rootkit versions of ps that fail to tell you about selected processes. It currently requires /proc, but other scanning methods can be implemented. The program runs in the background or in one-shot mode. Check-ps has grown considerably in order to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods. You are encouraged to check the signatures, available here.
Author: Duncan Simpson
Homepage: http://checkps.alcom.co.uk
Changes: Includes extended kill scanning, which will detect LKMs such as adore-0.34. Includes new tests that generate a list of PIDs by brute force.
File Size: 131883
Last Modified: Apr 19 17:34:24 2001
MD5 Checksum: badf7b5b86b9afda47f8ff0f125253b1

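The comparison check-ps performs, written out as an added example in Python (this is not check-ps code; it assumes a Linux /proc and kernel.pid_max, and everything else is standard library): readdir() on /proc is what ps trusts, so the scan enumerates PIDs by two routes the directory listing does not control, kill(pid, 0) and a direct lookup of /proc/<pid>, and reports anything that answers a probe but is missing from the listing.

```python
"""Find processes hidden from the /proc directory listing (and hence from ps)
by enumerating PIDs through other kernel interfaces, as check-ps does.

Added example, not check-ps code. Assumes Linux (/proc, kernel.pid_max)."""
import os
from typing import Optional, Set

PROC = "/proc"


def proc_listing_pids(proc: str = PROC) -> Set[int]:
    """What ps sees: numeric entries returned by readdir() on /proc. A kernel
    module that filters readdir (adore-style) removes its processes here."""
    try:
        return {int(n) for n in os.listdir(proc) if n.isdigit()}
    except OSError:
        return set()


def pid_max(proc: str = PROC, default: int = 32768) -> int:
    """Upper bound for brute-force enumeration (assumed default if unreadable)."""
    try:
        with open(os.path.join(proc, "sys", "kernel", "pid_max")) as f:
            return int(f.read())
    except (OSError, ValueError):
        return default


def kill_scan_pids(lo: int, hi: int) -> Set[int]:
    """kill(pid, 0) delivers nothing but answers "does this PID exist?":
    ESRCH means no; success or EPERM (someone else's process) means yes."""
    found = set()
    for pid in range(lo, hi):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found


def stat_scan_pids(lo: int, hi: int, proc: str = PROC) -> Set[int]:
    """Look up /proc/<pid> by name: an entry filtered out of the listing can
    usually still be reached directly."""
    return {pid for pid in range(lo, hi)
            if os.path.exists(os.path.join(proc, str(pid)))}


def is_thread(pid: int, proc: str = PROC) -> bool:
    """Thread IDs also answer kill() and exist under /proc by name while being
    absent from readdir by design; recognise them by Tgid != Pid in status."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass
    return False


def hidden_pids(listed: Set[int], probed: Set[int]) -> Set[int]:
    """Exists according to a probe but missing from the listing. The other
    direction (listed, then gone by probe time) is a process that exited
    between the two scans, not something hidden."""
    return probed - listed


def scan(lo: int = 1, hi: Optional[int] = None) -> Set[int]:
    """Run both probes twice and keep only PIDs hidden in both rounds, which
    drops processes created between a listing and a probe."""
    hi = pid_max() if hi is None else hi
    rounds = []
    for _ in range(2):
        listed = proc_listing_pids()
        probed = kill_scan_pids(lo, hi) | stat_scan_pids(lo, hi)
        rounds.append({p for p in hidden_pids(listed, probed) if not is_thread(p)})
    return rounds[0] & rounds[1]


if __name__ == "__main__":
    print("hidden:", sorted(scan()))
```

A module that also filters kill() and path lookups of /proc/<pid> would evade both probes, which is why check-ps keeps adding detection methods rather than relying on one. The full scan makes up to pid_max system calls per probe; on a kernel with pid_max raised to 4194304 expect it to take a few seconds.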
/// File Name: riley-0.1.tar.gz
Description: Unavailable. The archive is empty: the listed size is 0 and the checksum is the MD5 of zero bytes of input.
File Size: 0
Last Modified: Mar 28 19:49:42 2001
MD5 Checksum: d41d8cd98f00b204e9800998ecf8427e

/// File Name: sentinel-1.2.1.tar.gz
Description: Sentinel is a fast file integrity checker similar to Tripwire or ViperDB, with built-in authentication using a RIPEMD-160 based MAC. It uses a single database, as Tripwire does, maintains file integrity using the RIPEMD-160 algorithm, and also produces signed logfiles. Its main design goal is to detect intruders modifying files. It is also meant to stop an intruder who already has root/superuser permissions from tampering with its log files and database, which holds only as long as the MAC key is kept where that intruder cannot read it.
Homepage: http://zurk.sourceforge.net/zfile.html
Changes: A -fullcheck option has been added which allows you to check for files added to the drive even if they are not in the database. The efficiency and speed of the algorithms for checking and database creation have also been improved, allowing it to work at or near a hard disk's maximum throughput.
File Size: 407678
Last Modified: Mar 21 17:11:09 2001
MD5 Checksum: 1dd56b8670f857d7f1299bbe7dd3ced7

/// File Name: viperdb-0.9.8.tar.gz
Description: ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in Tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
Author: Peter Surda
Homepage: http://panorama.sth.ac.at/viperdb
Changes: Bug fixes.
File Size: 8912
Last Modified: Mar 16 20:36:17 2001
MD5 Checksum: 06e45f947a32c646357c66ef6e6cec25

/// File Name: viperdb-0.9.7.tar.gz
Description: ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in Tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
Author: Peter Surda
Homepage: http://panorama.sth.ac.at/viperdb
Changes: This release adds bugfixes in symlink handling, improved detection of corrupted databases, and a directory-specific option to ignore mtime changes. Upgrading and re-initializing databases is recommended.
File Size: 8976
Last Modified: Mar 9 21:18:05 2001
MD5 Checksum: e521d9db7b17c8e4294fb38937128d88

/// File Name: viperdb-0.9.6.tar.gz
Description: ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in Tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
Author: Peter Surda
Homepage: http://panorama.sth.ac.at/viperdb
Changes: Fixes for bugs introduced by the 0.9.5 rewrite, new/strengthened internal security checks, and minor updates.
File Size: 8488
Last Modified: Mar 5 19:11:27 2001
MD5 Checksum: 49900d5fbfa3364c1025430316cac4d6

/// File Name: tripwire-2.3.1-2.tar.gz
Description: Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including files that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
Homepage: http://sourceforge.net/projects/tripwire
Changes: Support for FreeBSD 4.2 and bug fixes.
File Size: 1514955
Last Modified: Mar 4 22:59:38 2001
MD5 Checksum: 6a15fe110565cef9ed33c1c7e070355e

/// File Name: mod_id_1.0.tar.gz
Description: Mod_Id is an Apache module that acts as an intrusion detection system by watching requests for suspicious URLs.
Author: Burak
Homepage: http://www.hacettepe.edu.tr/~burak
File Size: 31774
Last Modified: Feb 27 02:19:40 2001
MD5 Checksum: 695e16ef65ffaf086eaca589a1f92212

/// File Name: viperdb-0.9.3.tar.gz
Description: ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in Tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
Author: Peter Surda
Homepage: http://panorama.sth.ac.at/viperdb
File Size: 5997
Last Modified: Feb 23 17:37:31 2001
MD5 Checksum: 2170734913963ac2e62e00288ba14cb9

/// File Name: md5mon-1.3a.tar.gz
Description: MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use the more secure shasum instead of md5sum.
Homepage: http://members.linuxstart.com/~winitzki/md5mon.html
Changes: A bugfix where checksums were not updated correctly in some cases.
File Size: 11556
Last Modified: Feb 23 17:26:09 2001
MD5 Checksum: 056b68dce82a2bededb23634ffa2a935

/// File Name: integrit-1.06.06.tar.gz
Description: Integrit is an alternative to file integrity verification programs like Tripwire and AIDE. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break-in, you know exactly which files have been modified, added, or removed.
Homepage: http://integrit.sourceforge.net
Changes: The byte-order problem was solved, allowing integrit to run properly on big-endian machines. An RPM spec file was added. The report includes more information and is more readable. More error checking and code enhancements were added. Portability has been improved after abandoning readdir_r.
File Size: 156974
Last Modified: Feb 20 18:03:22 2001
MD5 Checksum: 8d7f2abfb648a69e89778c72466c63ed

/// File Name: monitord-3.5beta.tar.gz
Description: The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs which captures certain network events and records them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
Homepage: http://sourceforge.net/projects/monitord
File Size: 32437
Last Modified: Feb 8 18:26:38 2001
MD5 Checksum: 20a7943b800f42d9b43dc7611a2d243d

/// File Name: ICU-0.3.tar.gz
Description: ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server, over SSH, and sending the reports via email. This version is still under development.
Homepage: http://nitzer.dhs.org/ICU/ICU.html
Changes: Bug fixes and new features.
File Size: 43464
Last Modified: Feb 4 22:12:45 2001
MD5 Checksum: 1bffbcb530e6a5967763d9c91faa5c28

/// File Name: tripwire-2.3.0-50.tar.gz
Description: Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including files that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
Homepage: http://www.tripwire.org
Changes: Security fixes with respect to temp file handling, as well as a new global email option.
File Size: 1766895
Last Modified: Feb 4 18:44:45 2001
MD5 Checksum: f244f48a3bf052acdc9c2341210285eb

/// File Name: prelude-0.1.tar.gz
Description: Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Homepage: http://www.linux-mandrake.com/prelude
File Size: 723657
Last Modified: Jan 30 15:16:16 2001
MD5 Checksum: f95b2b2bb5e3231dba913df8bf2d4a94

/// File Name: integrit-1.05.03.tar.gz
Description: Integrit is an alternative to file integrity verification programs like Tripwire and AIDE. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break-in, you know exactly which files have been modified, added, or removed.
Homepage: http://integrit.sourceforge.net
Changes: First stable release! Includes a new tool, i-ls, that allows users to view integrit-related information (ctime, SHA-1 checksum, etc.) for live files. Also, there are improvements to the portability of the installation procedure.
File Size: 152992
Last Modified: Jan 22 21:41:35 2001
MD5 Checksum: 7ad01d9e2bac28d47e439ea23d1d7cbf

/// File Name: FCheck_2.7.55.tar.gz
Description: FCheck is a very stable Perl script written to generate a baseline of a UNIX system and monitor the system against it for any file alterations, reporting them through syslog, the console, or any log monitoring interface. Monitoring runs can be scheduled very frequently if a system's drive space is small enough, making the checks more difficult to circumvent. This is a freely available, open-source alternative to Tripwire that is time tested and easier to configure and use.
Author: Michael A. Gumienny
Homepage: http://sites.netscape.net/fcheck/fcheck.html
Changes: Fixed bugs in the "Exclude" routine.
File Size: 32398
Last Modified: Dec 11 22:01:49 2000
MD5 Checksum: 9920799b580d5d729c561a7d69abdcc8

/// File Name: ICU-0.1.tar.gz
Description: ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server, over SSH, and sending the reports via email. This version is still under development.
Homepage: http://nitzer.dhs.org/ICU/ICU.html
File Size: 35881
Last Modified: Dec 8 03:21:55 2000
MD5 Checksum: ed1e20bda4f0c0ba76e78556712282b9

/// File Name: Adwids0_8B2.sh
Description: The Defense Worx Network Intrusion Detection System is a Linux-based IDS which performs high-speed analysis of network packets to detect unauthorized traffic in real time. Includes a Java-based console to display alerts.
Author: Defense Worx
Homepage: http://www.defenseworx.com
Changes: Bug fixes in the sensor, speed improvements, and Java GUI changes.
File Size: 170869
Last Modified: Nov 29 23:03:28 2000
MD5 Checksum: c63df8c9433b044ae383367479921d21

/// File Name: pakemon-0.3.0.tar.gz
Description: pakemon has been developed to share IDS components under the open source model. The current version of pakemon monitors all traffic on a network, searches the traffic for given data patterns, and outputs session logs and summary logs of the matched traffic. Tested on RedHat Linux 6.2j, OpenBSD 2.7, FreeBSD 3.3, and NetBSD 1.4.
Homepage: http://www.sfc.keio.ac.jp/~keiji/ids/pakemon
File Size: 109148
Last Modified: Nov 29 04:07:36 2000
MD5 Checksum: 27e99d6a8e76d6b18741e19625018f6c

/// File Name: tailbeep-0.44.tar.gz
Description: Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).
Author: Tommy.
Homepage: http://soomka.com
Changes: Added make rh60 so people with Red Hat 6.x can make binaries for glibc 2.0 systems.
File Size: 11098
Last Modified: Nov 15 16:27:00 2000
MD5 Checksum: 015101471825fd96f8214aea4fc96c42

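Both tailbeep and attackwatch (listed above) reduce to the same loop: follow a syslog file from its end, match firewall log lines, and react. The added example below is not code from either project. It parses both ipchains "Packet log:" lines and iptables "IN=... SRC=..." lines, counts blocked packets per source address inside a sliding window, and runs an external script when a source trips the threshold. The sample log lines, the threshold and window values, and the script path /usr/local/sbin/react.sh are constructed for the example.

```python
"""Near-real-time watcher for firewall log lines (ipchains "Packet log:" and
iptables "IN=... SRC=..." formats) that runs an action when one source
accumulates enough blocked packets inside a time window.

Added example, not code from attackwatch or tailbeep. SAMPLE below is
constructed; threshold, window and the script path are assumptions."""
import os
import re
import subprocess
import time
from collections import defaultdict, deque
from typing import Callable, Dict, List, Optional, Tuple

# ipchains: "Packet log: input DENY eth0 PROTO=6 203.0.113.7:4321 198.51.100.2:23 ..."
IPCHAINS = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")
# iptables: "[PREFIX: ]IN=eth0 OUT= ... SRC=a.b.c.d DST=e.f.g.h ... PROTO=TCP SPT=n DPT=m"
IPTABLES = re.compile(
    r"(?:(?P<prefix>[A-Z][A-Z-]*): )?IN=(?P<iface>\S*) .*?SRC=(?P<src>[\d.]+) "
    r"DST=(?P<dst>[\d.]+) .*?PROTO=(?P<proto>\w+)(?: SPT=(?P<sport>\d+) DPT=(?P<dport>\d+))?")
PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP"}
BLOCKED = {"DENY", "REJECT", "DROP"}


def parse(line: str) -> Optional[Dict[str, str]]:
    """Normalise one syslog line into {action, src, dst, proto, dport, ...} or None."""
    m = IPCHAINS.search(line)
    if m:
        d = m.groupdict()
        d["proto"] = PROTO_NAMES.get(d["proto"], d["proto"])
        return d
    m = IPTABLES.search(line)
    if m:
        d = m.groupdict()
        d["action"] = d.pop("prefix") or "LOG"  # iptables has no verb; rely on --log-prefix
        return d
    return None


class Watcher:
    """Counts blocked packets per source inside a sliding window and fires
    action(record, count) once per burst when the threshold is reached."""

    def __init__(self, action: Callable[[Dict[str, str], int], None],
                 threshold: int = 3, window: float = 60.0):
        self.action, self.threshold, self.window = action, threshold, window
        self.hits: Dict[str, deque] = defaultdict(deque)

    def feed(self, line: str, now: Optional[float] = None) -> Optional[Dict[str, str]]:
        rec = parse(line)
        if rec is None or rec["action"] not in BLOCKED:
            return None
        now = time.time() if now is None else now
        q = self.hits[rec["src"]]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) < self.threshold:
            return None
        count = len(q)
        q.clear()  # one alert per burst, then start counting again
        self.action(rec, count)
        return rec


def run_script(script: str) -> Callable[[Dict[str, str], int], None]:
    """Action that execs a script with the parsed fields as separate argv
    entries. Never build a shell string from log content: addresses and ports
    come from a line the remote peer influenced, even if the kernel formatted it."""
    def action(rec: Dict[str, str], count: int) -> None:
        subprocess.run([script, rec["action"], rec["src"], rec["dst"], rec["proto"],
                        rec.get("dport") or "-", str(count)], check=False)
    return action


def follow(path: str, watcher: Watcher, poll: float = 1.0) -> None:
    """tail -f: seek to the end and hand new lines to the watcher; restart from
    offset 0 if the file shrinks (logrotate with copytruncate)."""
    with open(path, errors="replace") as f:
        f.seek(0, os.SEEK_END)
        while True:
            line = f.readline()
            if line:
                watcher.feed(line)
                continue
            if os.path.getsize(path) < f.tell():
                f.seek(0)
            time.sleep(poll)


# Constructed sample: a port sweep from 203.0.113.7 (two ipchains DENYs, one
# iptables DROP) with an unrelated ACCEPT in between.
SAMPLE = [
    "Apr 22 14:32:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4321 198.51.100.2:23 L=60 S=0x00 I=12345 F=0x4000 T=51 SYN (#5)",
    "Apr 22 14:32:03 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4322 198.51.100.2:22 L=60 S=0x00 I=12346 F=0x4000 T=51 SYN (#5)",
    "Apr 22 14:32:04 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:33000 198.51.100.2:80 L=60 S=0x00 I=777 F=0x4000 T=60 SYN (#2)",
    "Apr 22 14:32:05 fw kernel: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12347 DF PROTO=TCP SPT=4323 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0",
]


def replay(lines: List[str], threshold: int = 3, window: float = 60.0) -> List[Tuple[str, int]]:
    """Feed lines one second apart with a recording action; return what fired."""
    fired: List[Tuple[str, int]] = []
    w = Watcher(lambda rec, n: fired.append((rec["src"], n)), threshold, window)
    for i, line in enumerate(lines):
        w.feed(line, now=float(i))
    return fired


if __name__ == "__main__":
    print(replay(SAMPLE))  # [('203.0.113.7', 3)]
    # follow("/var/log/messages", Watcher(run_script("/usr/local/sbin/react.sh")))
```

Whatever the script does with the source address (a temporary firewall rule, a page, a beep on a tty as tailbeep does), a threshold keeps a single stray packet from triggering it, and the per-burst reset keeps a sustained scan from invoking it once per packet.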
/// File Name: FCheck_2.07.54.tar.gz
Description: FCheck is a very stable Perl script written to generate a baseline of a UNIX system and monitor the system against it for any file alterations, reporting them through syslog, the console, or any log monitoring interface. Monitoring runs can be scheduled very frequently if a system's drive space is small enough, making the checks more difficult to circumvent. This is a freely available, open-source alternative to Tripwire that is time tested and easier to configure and use.
Author: Michael A. Gumienny
Homepage: http://sites.netscape.net/fcheck/fcheck.html
Changes: The output was streamlined to display only details of what has changed. Individual file checking was added, along with checking of UID, GID, and major/minor numbers of special files. The database is now maintained in one file, allowing easier support of distributed systems.
File Size: 32492
Last Modified: Nov 15 00:32:29 2000
MD5 Checksum: bdbe23a165ef4d8b99689d01a264bb2e

/// File Name: md5mon-1.3.tar.gz
Description: MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use the more secure shasum instead of md5sum.
Homepage: http://members.linuxstart.com/~winitzki/md5mon.html
File Size: 11510
Last Modified: Nov 3 18:53:59 2000
MD5 Checksum: e7d077559fe8383a728fca0c1cb1b734

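Every integrity checker on this page (Tripwire, ViperDB, Sentinel, integrit, FCheck, md5mon) implements the same two steps: snapshot the attributes of each monitored file into a database kept somewhere the intruder cannot reach, then diff a fresh snapshot against it. The added example below is not code from any of those projects. It records size, mode, owner, mtime and a SHA-256 digest per file, seals the database with an HMAC in the spirit of Sentinel's MAC and Tripwire's signing, and reports added, removed and changed files. The key, the directory tree and the intrusion steps in demo() are constructed for the example; the per-directory mtime exemption mirrors the ViperDB option described above.

```python
"""Baseline-and-compare file integrity checking with a MAC-sealed database.

Added example of the technique shared by the integrity checkers listed above;
not code from any of them. demo() builds its own throwaway tree and key."""
import hashlib
import hmac
import json
import os
import shutil
import stat
import tempfile
from typing import Any, Dict, List, Tuple

FIELDS = ("size", "mode", "uid", "gid", "mtime", "sha256")


def file_record(path: str) -> Dict[str, Any]:
    """Metadata plus content digest. lstat() so a symlink is recorded as the
    link itself (its target string is hashed), not as whatever it points to."""
    st = os.lstat(path)
    rec = {"size": st.st_size, "mode": st.st_mode, "uid": st.st_uid,
           "gid": st.st_gid, "mtime": int(st.st_mtime), "sha256": ""}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["sha256"] = hashlib.sha256(os.readlink(path).encode()).hexdigest()
    return rec


def snapshot(root: str, ignore_mtime: Tuple[str, ...] = ()) -> Dict[str, Dict[str, Any]]:
    """Records for every file and symlink under root, keyed by relative path.
    Paths starting with a prefix in ignore_mtime are stored without mtime."""
    db: Dict[str, Dict[str, Any]] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in sorted(filenames) + links:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            rec = file_record(full)
            if any(rel.startswith(p) for p in ignore_mtime):
                rec.pop("mtime")
            db[rel] = rec
    return db


def seal(db: Dict[str, Any], key: bytes) -> bytes:
    """Canonical JSON followed by an HMAC-SHA256 tag line."""
    body = json.dumps(db, sort_keys=True, separators=(",", ":")).encode()
    return body + b"\n" + hmac.new(key, body, hashlib.sha256).hexdigest().encode() + b"\n"


def open_sealed(blob: bytes, key: bytes) -> Dict[str, Any]:
    """Verify the tag before parsing anything: a bad tag means the database
    was edited (or the wrong key was supplied) and must not be trusted."""
    body, tag = blob.rsplit(b"\n", 2)[:2]
    expect = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("baseline MAC mismatch: database tampered or wrong key")
    return json.loads(body)


def compare(baseline: Dict[str, Any], current: Dict[str, Any]
            ) -> Tuple[List[str], List[str], Dict[str, List[str]]]:
    """(added, removed, {path: [fields that differ]}) between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed: Dict[str, List[str]] = {}
    for rel in sorted(set(baseline) & set(current)):
        diff = [f for f in FIELDS if baseline[rel].get(f) != current[rel].get(f)]
        if diff:
            changed[rel] = diff
    return added, removed, changed


def demo() -> Tuple[Tuple[List[str], List[str], Dict[str, List[str]]], bool]:
    """Constructed scenario: seal a baseline, then trojan a binary with size
    and mtime preserved, drop a hidden file, delete a file, and finally edit
    the sealed database itself. Returns (report, tamper_detected)."""
    root = tempfile.mkdtemp()
    try:
        os.mkdir(os.path.join(root, "bin"))
        ls = os.path.join(root, "bin", "ls")
        with open(ls, "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
        with open(os.path.join(root, "passwd"), "wb") as f:
            f.write(b"root:x:0:0::/root:/bin/sh\n")
        key = b"example key: keep it off the monitored host"  # assumption
        blob = seal(snapshot(root), key)

        before = os.stat(ls)
        with open(ls, "wb") as f:  # same length, different content
            f.write(b"#!/bin/sh\nexec /bin/sh \"$@\"\n")
        os.utime(ls, (before.st_atime, before.st_mtime))  # attacker resets timestamps
        with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
            f.write(b"\x7fELF")
        os.remove(os.path.join(root, "passwd"))
        report = compare(open_sealed(blob, key), snapshot(root))

        tampered = bytearray(blob)
        tampered[2] ^= 1  # one bit flipped inside the JSON body
        try:
            open_sealed(bytes(tampered), key)
            caught = False
        except ValueError:
            caught = True
        return report, caught
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The trojaned binary is caught only by the digest, since size, mode and mtime were all preserved: this is why md5mon-style tools hash at all instead of trusting find output, and why a collision-resistant digest (SHA-256 here, shasum in md5mon's case) matters. The seal protects the database from silent edits, but only as long as the key is unreadable to the intruder; an attacker with root on the same host can read any key the checker reads and re-seal a doctored database, so the key and the baseline belong on read-only or removable media, the arrangement Tripwire's signing and Sentinel's signed logs also assume.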