Section: .. / UNIX / IDS /
| /// File Name: |
FCheck_2.07.54.tar.gz |
Description:
|
FCheck is a very stable perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Michael A. Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | Changes: | The output was streamlined to display only details of what has changed. Individual file checking was added, along with checking of UID, GID, and major/minor numbers of special files. The database is now maintained in one file, allowing easier support of distributed systems. | | File Size: | 32492 | | Last Modified: | Nov 15 00:32:29 2000 |
| MD5 Checksum: | bdbe23a165ef4d8b99689d01a264bb2e |
|
| /// File Name: |
monitord-3.5beta.tar.gz |
Description:
|
The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
| | Homepage: | http://sourceforge.net/projects/monitord | | File Size: | 32437 | | Last Modified: | Feb 8 18:26:38 2001 |
| MD5 Checksum: | 20a7943b800f42d9b43dc7611a2d243d |
|
| /// File Name: |
FCheck_2.7.55.tar.gz |
Description:
|
FCheck is a very stable perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Michael A. Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | Changes: | Fixed bugs in the "Exclude" routine. | | File Size: | 32398 | | Last Modified: | Dec 11 22:01:49 2000 |
| MD5 Checksum: | 9920799b580d5d729c561a7d69abdcc8 |
|
| /// File Name: |
mod_id_1.0.tar.gz |
Description:
|
Mod_Id is an interesting Apache module that acts as an IDS, watching for suspicious URLs.
| | Author: | Burak | | Homepage: | http://www.hacettepe.edu.tr/~burak | | File Size: | 31774 | | Last Modified: | Feb 27 02:19:40 2001 |
| MD5 Checksum: | 695e16ef65ffaf086eaca589a1f92212 |
|
| /// File Name: |
gogmagog-4.tar.gz |
Description:
|
gogmagog 4 - GogMagog is a multiplatform sysadmin tool for monitoring the integrity of networkwide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is relatively network architecture independent. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface (named GogView) on the server. GogMagog works on Linux, AIX, HP-UX and Solaris.
| | Author: | C. Parisel | | Changes: | encrypted profiles, security improvements. | | File Size: | 31625 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 973b264138f4cc0f732242cd96f7d54c |
|
| /// File Name: |
ears-0.7.tar.gz |
Description:
|
EARS (Emergency Audit Response System) v0.7 - EARS is a console tool designed to detect, monitor and respond to anomalies (such as intrusions) in real time. It offers complete control of the process table, filesystem(s) and network interface(s) maintained by the operating system. Autonomous functionality is optional as a separate module.
| | Author: | Tishina Syndicate | | File Size: | 31272 | | Last Modified: | Aug 16 20:02:36 1999 |
| MD5 Checksum: | b930fa48b3ad122aeb0b95a61563e2a7 |
|
| /// File Name: |
spar-1.2.tar.gz |
Description:
|
'spar' is used to select records from a UNIX process accounting file. It is usually faster than most 'lastcomm's and significantly more flexible and powerful.
| | Homepage: | ftp://coast.cs.purdue.edu/pub/tools/unix/TAMU/ | | File Size: | 30489 | | Last Modified: | Jan 10 03:00:00 1994 |
| MD5 Checksum: | cb7c0b827c5642c3086d25e14fb5e1f6 |
|
| /// File Name: |
trojan.pl |
Description:
|
Perl script that searches for trojan horses installed on system.
| | File Size: | 30278 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 339cac93ec494932fb1440e199eaec77 |
|
| /// File Name: |
logcheck-1.1.1.tar.gz |
Description:
|
Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail.
| | Author: | Craig Rowland | | Homepage: | http://www.psionic.com/ | | File Size: | 30267 | | Last Modified: | Dec 2 15:22:37 1999 |
| MD5 Checksum: | e97c2f096e219e20310c1b80e9e1bc29 |
|
| /// File Name: |
ctm-1.2.tar.gz |
Description:
|
ctm 1.2 - CTM is an SNMP interface statistics gatherer which works as a daemon, polls SNMP-capable routers at regular intervals and puts the gathered information into a database. Information gathered includes operational status of the interface, octets and packets sent and received, line errors, and queue discards, but CTM can easily be changed to log any interface-specific SNMP variable. CTM comes with an example report script which gives traffic and line error summaries for certain periods of time.
| | Author: | Lars Fenneberg | | Changes: | Version 1.2 corrects delta counters accordingly when the router is rebooted. | | File Size: | 29374 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 31d9138ff9dc261b78c50092649863e1 |
|
| /// File Name: |
ctm-1.1.tar.gz |
Description:
|
CTM 1.1 is your basic SNMP Traffic Monitor.
| | Author: | CTM web site | | File Size: | 29164 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 8904a579f247d4ee16a172c387e7d2c6 |
|
| /// File Name: |
ctm-1.0.tar.gz |
Description:
|
CTM 1.0 is your basic SNMP Traffic Monitor.
| | Author: | CTM web site | | File Size: | 28903 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 1ca5b5279411facaddef1fd5d002fdfe |
|
| /// File Name: |
mod_protection-0.0.1.tar.gz |
Description:
|
Mod_Protection is an Apache module that integrates the basic functions of an IDS (intrusion detection system) and of a firewall (not yet). Your Apache administrator only has to install mod_protection and define rules. When a malicious client sends a request that matches your rules, the administrator will be warned and the client gets a user-defined page or an error or something that notifies him that he will now be persecuted or ... The warning system just writes to a socket, so you can put on the other side of the socket an application that sends you a mail, an SMS, a message in your favorite IM or a notification in your IRC client.
| | Author: | Yaroze | | Homepage: | http://www.twlc.net | | File Size: | 26222 | | Last Modified: | Mar 6 12:33:27 2002 |
| MD5 Checksum: | 6fb1604b85b63660b43d0806103a3d84 |
|
| /// File Name: |
FCheck_2.07.51.tar.gz |
Description:
|
FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Mike Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | Changes: | Fixes for the configuration files trailing space bug (fixed security hole), major bug fixes. | | File Size: | 25612 | | Last Modified: | Apr 11 18:13:21 2000 |
| MD5 Checksum: | 5e475dbaa313aa77d94bc4756ace47c5 |
|
| /// File Name: |
covert-tcp-channels.zip |
Description:
|
Unavailable.
| | File Size: | 25179 | | Last Modified: | Aug 16 20:02:15 1999 |
| MD5 Checksum: | a3af54ba614e8cb5743f3850ef482124 |
|
| /// File Name: |
autostatus-1.1.tar.gz |
Description:
|
autostatus is yet another network monitoring program. Easy to use and configure, fast and efficient. It exploits maximum parallelism during its checking to speed up monitoring.
| | Author: | Dave Andersen | | File Size: | 24943 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 134f76a43a3f0397f856250dd9e8e900 |
|
| /// File Name: |
logcheck-1.1.tar.gz |
Description:
|
Logcheck will automatically monitor your system logs and mail security violations to you on a periodic basis. Freeware clone of the logcheck program shipped with the TIS Gauntlet Firewall system.
| | File Size: | 24367 | | Last Modified: | Aug 16 20:02:15 1999 |
| MD5 Checksum: | c53a0753db4763b533511150c9584fa9 |
|
| /// File Name: |
swatch-3.0.2.tar.gz |
Description:
|
Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
| | Author: | Todd Atkins | | Homepage: | http://oit.ucsb.edu/~eta/swatch | | Changes: | Defaults to /var/adm/messages now. Lots of bugs were fixed. | | File Size: | 24250 | | Last Modified: | Sep 6 01:46:02 2001 |
| MD5 Checksum: | 609a50a2c089417f76a6d13635407463 |
|
| /// File Name: |
swatch-3.0.4.tar.gz |
Description:
|
Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
| | Author: | Todd Atkins | | Homepage: | http://www.stanford.edu/~atkins/swatch/ | | Changes: | Fixed a big bug involving key value assignment when throttling. | | File Size: | 24157 | | Last Modified: | Nov 14 03:00:20 2001 |
| MD5 Checksum: | ce290dd2cae6ce834f59e24d97a30d3b |
|
| /// File Name: |
FCheck_2.07.45.tar.gz |
Description:
|
FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Mike Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | File Size: | 23899 | | Last Modified: | Oct 20 14:50:02 1999 |
| MD5 Checksum: | 88d587fa9a0254f370db3c4d569dc4bb |
|
| /// File Name: |
LaBrea.tgz |
Description:
|
LaBrea v2.0 is a program that creates a tarpit or, as some have called it, a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
| | Author: | Tom Liston | | Homepage: | http://www.hackbusters.net/LaBrea | | Changes: | New command line option -p to keep tcp connections in the "persist" state, which can hold on to threads for a long time. | | File Size: | 23860 | | Last Modified: | Sep 18 23:23:53 2001 |
| MD5 Checksum: | 7365fb2beff6fa486908a1419e0de0ae |
|
| /// File Name: |
abacus-sentry.lsm |
Description:
|
Detailed descriptions of the PortSentry, HostSentry, and LogCheck tools included in the Abacus Project suite of Intrusion Detection tools. Abacus Project web site
| | File Size: | 23386 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 54b8d9d6eadd7f6f9195e6c9b8027646 |
|
| /// File Name: |
watcher.c |
Description:
|
Network monitoring tool - detect rogue incoming packets indicative of potential attacks.
| | File Size: | 23323 | | Last Modified: | Aug 16 20:02:17 1999 |
| MD5 Checksum: | 637e9eac6525213a96b59aedbadfc049 |
|
| /// File Name: |
wsm-0.9.5.tgz |
Description:
|
WSM: Web based System Monitor v0.9.5 is a Web accessible System Monitor for Linux featuring: Kernel (uname,lsmod,cpuinfo,free), Syslog (syslog, messages), Users (who), Jobs (ps -axjf), Disks (mount, df), Network (netstat -n), Routes (route -n), ISDN (imontty), VBox (vboxadm), IP Accounting (acct).
| | Author: | Dirk G.K. Mueller | | File Size: | 22167 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 451cbd6769df7dc06fbe7f5e7c7924a0 |
|
| /// File Name: |
ipacl.tar.gz |
Description:
|
SYSV.4 module that implements packet filtering within the kernel.
| | File Size: | 21885 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | 5b71efc483ce170b23578410df89231c |
|