Section: .. / UNIX / IDS /
| /// File Name: |
slipwire.1-3.tar.gz |
Description:
|
slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, file size, uid, gid, etc., and can also report changes in any of these.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | Extension of information gathered on indexed files, comparisons made to inode, last-modified, etc in addition to SHA signatures, tightening up of the Perl code, and elimination of calls to the shell. | | File Size: | 4621 | | Last Modified: | Feb 23 03:05:28 2000 |
| MD5 Checksum: | 70d3ac7d70df7d733027a2b36bd2f772 |
|
| /// File Name: |
logcalls.c |
Description:
|
Kernel module which logs specific system calls to a logfile. Tracks mkdir, rmdir, link, and open.
| | Author: | Pheisar | | Homepage: | http://www.ccl.pt/~pheisar/ | | File Size: | 4417 | | Last Modified: | Dec 7 15:38:36 1999 |
| MD5 Checksum: | 5bc913bf407e10e3b9113467871f1565 |
|
| /// File Name: |
whowatch-1.0.tar.gz |
Description:
|
whowatch v1.0 is an ncurses who-like utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (i.e. telnet or ssh). Initial release. 4k.
| | Author: | Michal Suszycki | | File Size: | 4369 | | Last Modified: | Aug 16 20:02:41 1999 |
| MD5 Checksum: | 3a2c7f8fe56376fea72014c4f5980605 |
|
| /// File Name: |
ViperDB-0.7.tar.gz |
Description:
|
ViperDB 0.7 - ViperDB was created as a smaller and faster alternative to Tripwire. ViperDB does not use a fancy all-in-one database to keep records. Instead it uses a plaintext db which is stored in each "watched" directory, so there is no single point of attack for an attacker to focus on. This, coupled with running ViperDB every 5 minutes (via a root cron job), decreases the likelihood that an attacker will be able to modify your "watched" filesystem while ViperDB is monitoring your system.
| | Author: | J-Dog | | Changes: | Now logs to a standard logging facility instead of an individual file. Added '-checkstrict' functionality which changes permissions/owner/group back to what they were before the change was made to the file. Added exception(s) to '-checkstrict' which removes all permissions from the changed file if the file originally was SUID/GUID. Changed way filesystem changes are seen by admin, now a change only sends an alert to the logs once instead of repeatedly. | | File Size: | 4234 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 1809efd2508e5987e6a8d98139bf7e07 |
|
| /// File Name: |
sxid-secure.gz |
Description:
|
sXid Secure is an all-in-one suid/sgid monitoring script written in Perl.
| | Author: | Ben Collins | | File Size: | 4123 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 439e4dd2da716074880ecbf2117749e0 |
|
| /// File Name: |
ktcpd-strobemasker-1.4.gz |
Description:
|
Linux 2.0.x kernel patch that protects you from strobes. Detects all strobes, logs all strobe attempts, refuses connections after a strobe begins, logs ALL packets (tcp, icmp, udp). Basically, makes your Linux box appear to be a Macintosh.
| | File Size: | 3961 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 7c328e4cd942e40046e3160a36512d0e |
|
| /// File Name: |
nannie-1.0.tar.gz |
Description:
|
Nannie's basic purpose is to watch system files that should not be changed, at least in theory. It monitors them for changes in inode, size, etc. and notifies you if a change occurs. New features: completely rewritten, now logs to syslog instead of sending email, can handle a directory in nannie.cfg (will parse all files in directory), MUCH more error checking.
| | Author: | Cole Tuininga | | File Size: | 3826 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 9c0d3f60742929b511debecaf53fd162 |
|
| /// File Name: |
tmp-audit-0.4.tar.gz |
Description:
|
tmp-audit is a simple tool designed to monitor a directory and log changes (i.e. /tmp).
| | Author: | Proof Of Concept | | Changes: | added -w option (dump file content), fixed some stuff in tmp-audit.h. | | File Size: | 3824 | | Last Modified: | Apr 25 11:21:33 1999 |
| MD5 Checksum: | 87e25b432b71a5685ae7cf21e217233e |
|
| /// File Name: |
syn.pl |
Description:
|
tcpdump script which detects network activity - designed specifically to detect new "stealth and undetectable" nmap v2.00-2.01 scans (TCP, SYN, FIN, Frag, Xmas, Null, and UDP, etc...).
| | Author: | Programmaton | | File Size: | 3776 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 1b643bc7c0fd8a37b6e0de3b3d27cadf |
|
| /// File Name: |
neped-libnet.tar.gz |
Description:
|
Network Promiscuous Ethernet Detector, rewritten with Libnet/libpcap so it works on FreeBSD, OpenBSD, and Linux, possibly more. neped scans your subnet and detects promiscuous boxes that might be running sniffers or similar applications, using hacked (non-broadcast) ARPs that are only heard by Ethernet interfaces in promiscuous mode.
| | Author: | CyberPsychotic | | File Size: | 3740 | | Last Modified: | Dec 13 17:37:42 1999 |
| MD5 Checksum: | ee928946f9d5187fe8a5c6224ad7ebf4 |
|
| /// File Name: |
decfingerd-0.7.tar.gz |
Description:
|
decfingerd 0.7: The Deception Finger Daemon. This program takes the place of the original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system. Tested on: Linux 2.2.7 -- GCC 2.7.2.3, Solaris 2.7 -- EGCS 1.1.1, OpenBSD 2.5 -- GCC 2.8.1.
| | Author: | Jon Beaton | | File Size: | 3665 | | Last Modified: | Oct 4 15:53:28 1999 |
| MD5 Checksum: | e23d3683edd18ead71ac04d9708aa0d6 |
|
| /// File Name: |
sf-0.1b.tgz |
Description:
|
Secure Files 0.1b is a security tool that checks system integrity by comparing the MD5 checksums of flagged files against their earlier recorded checksums.
| | Author: | vENOMOUS | | Homepage: | http://www.rdcrew.com.ar | | File Size: | 3645 | | Last Modified: | Aug 28 22:19:23 2000 |
| MD5 Checksum: | cae75ec5225047150b2055ad309208b8 |
|
| /// File Name: |
bsb-monitor-1.0.tar.gz |
Description:
|
BSB-Monitor is a very simple network monitor. It scans the network periodically and offers the result as an HTML page and an easily parseable status file.
| | Author: | Darko Krizic | | File Size: | 3494 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 4cfd294d600b541f5d89171e25dfa85f |
|
| /// File Name: |
tmp-audit-0.3.tar.gz |
Description:
|
tmp-audit is a simple tool designed to monitor a directory and log changes (i.e. /tmp). New file size, variable refresh, and header beep options in this release.
| | Author: | Proof Of Concept | | File Size: | 3401 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | b902f220dd12ba87319a661c9f9f361c |
|
| /// File Name: |
seclog |
Description:
|
Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information, and notify you via email.
| | Author: | Dilusi0n | | Homepage: | http://www.gotr00t.com/~dilusi0n/ | | File Size: | 3391 | | Last Modified: | Mar 23 16:03:00 2000 |
| MD5 Checksum: | 478b20c9c35d7911278969dcfdac5aae |
|
| /// File Name: |
slipwire.1-2.tar.gz |
Description:
|
slipwire.pl is a simple filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | A fix for a bug in the iteration count when comparing files to hashes, a quick reader script for dumping the contents of the DBM file, an example file list, and a tidied-up README. | | File Size: | 3374 | | Last Modified: | Feb 18 15:31:17 2000 |
| MD5 Checksum: | cdfb0e35ca41c8dce84498b0c20842be |
|
| /// File Name: |
ncsfck.tar.gz |
Description:
|
NCSfck v1.2.0 - NCSFCK creates a database of important files like "/bin/login". Run as a cronjob for maximum effectiveness. Monitors for backdoor(s) and other trojan(s).
| | File Size: | 3171 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | ec3abf28c3eee9a81bd0992522d88c41 |
|
| /// File Name: |
decfingerd-0.6.tar.gz |
Description:
|
dfingerd v0.6 takes the place of your original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system.
| | Author: | Jon Beaton | | File Size: | 3164 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | def43c1a780975756a13905667886685 |
|
| /// File Name: |
portsentry.sample.txt |
Description:
|
Unavailable.
| | File Size: | 3154 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 6ecd6e85e507606a05d23cec2d3686c8 |
|
| /// File Name: |
pmids-1.3.tgz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://www.darkie.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=22&ttitle=Poor_Man's_IDS | | Changes: | New self-check portion, a new ability to pull signatures from a remote location (default is the author's Web site, and you must have wget for this feature to work). | | File Size: | 3127 | | Last Modified: | Jun 12 23:13:49 2002 |
| MD5 Checksum: | 6bc9015ccff5dd993e1b7d4549c80f2a |
|
| /// File Name: |
sfck.tar.gz |
Description:
|
Sfck is a program that locates file changes on your Linux system. It keeps a database which you can put on a read-only disk to make sure no changes take place from a hacker/intruder. When a file change is detected it mails root.
| | Author: | Vision | | File Size: | 3027 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 059733c5a98c11ca907f0160ee6b3a74 |
|
| /// File Name: |
nannie-0.9.tar.gz |
Description:
|
Nannie's basic purpose is to watch system files that should not be changed, at least in theory. It monitors them for changes in inode, size, etc. and notifies you if a change occurs.
| | Author: | Cole Tuininga | | File Size: | 3014 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 525a3abec51832be1e49aa54a828023f |
|
| /// File Name: |
triplight.tar.gz |
Description:
|
Triplight 0.01 - Triplight is an intrusion detection and integrity monitoring system. It is a simpler version of Tripwire, developed in Perl. This release is rather unpolished (you need to hack up a crontab file, and to set a file path in the Perl source), but fully functional. To accomplish its design goals, it reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, then it should provide an infallible record against remotely installed trojan horses. Thus by monitoring the integrity of the system, triplight will serve as an aid in intrusion detection.
| | Author: | Snupe | | Homepage: | http://linux.rice.edu/magic/triplight | | File Size: | 2993 | | Last Modified: | Jan 21 19:52:19 2000 |
| MD5 Checksum: | 65c3eabda7b87a4648e9fc73dd4c62df |
|
| /// File Name: |
checksums-1.0.tar.gz |
Description:
|
Checksums takes a file of predetermined MD5 checksums and compares them with the current sums. It can be installed as a command line tool, or as a CGI which will allow you to upload the sums file remotely. In either case it is a useful tool to detect changes in your system files, such as a trojan.
| | Author: | Mike | | File Size: | 2865 | | Last Modified: | Jan 10 15:15:12 2000 |
| MD5 Checksum: | 0510644d9d3ff548bfd58f9c0ef75b13 |
|