Section: .. / UNIX / IDS /
| /// File Name: |
nabou-1.7.tar.gz |
Description:
|
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
| | Author: | Thomas Linden | | Homepage: | http://www.nabou.org | | Changes: | Better command line behavior which now supports more configuration options. It is now possible to completely replace tripwire with nabou. | | File Size: | 86637 | | Last Modified: | Jun 1 19:59:06 2001 |
| MD5 Checksum: | 555546c4f0041d4eda99fd7e222ae832 |
|
| /// File Name: |
rdC-sf.1.0.tgz |
Description:
|
SF (securefiles) is a local intrusion detection system (IDS) which computes the hashes for the specified files and stores them in a database, which is then encrypted with AES. The executable checks itself, and a phrase (chosen during installation) is displayed every time the program runs successfully.
| | Author: | Venomous | | Homepage: | http://www.rdcrew.com.ar | | File Size: | 51718 | | Last Modified: | May 30 16:24:48 2001 |
| MD5 Checksum: | e0f5bf109f1be32e108aa722ff74d60d |
|
| /// File Name: |
firestorm-0.1.2.tar.gz |
Description:
|
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | This release allows rule criteria to be negated, includes a string/content matcher, support for bidirectional snort rules, a TTL matcher, an IP ID matcher, and lots of other little fixes. | | File Size: | 142774 | | Last Modified: | May 29 18:46:32 2001 |
| MD5 Checksum: | bc70351bf359f52a926f0e8273d12701 |
|
| /// File Name: |
prelude-0.3.tar.gz |
Description:
|
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
| | Homepage: | http://www.linux-mandrake.com/prelude | | Changes: | Now includes on-demand SSL authentication and encryption between Prelude client and the Report server, an HTML reporting plugin, support for PPPOE layer, avoids duplicate operations between report plugins, and report server support for long options. The backup interface has been improved. | | File Size: | 636183 | | Last Modified: | May 3 17:35:11 2001 |
| MD5 Checksum: | 0334a402975d9adac964bc5527c58a3c |
|
| /// File Name: |
sentinel-1.2.1c.tar.gz |
Description:
|
Sentinel is a fast file integrity checker similar to Tripwire or ViperDB with built in authentication using the RIPEMD 160 bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database.
| | Homepage: | http://zurk.sourceforge.net/zfile.html | | Changes: | Sentinel-user for individual users has been added. The copyright has been changed to the FSF. This release also contains minor makefile updates. | | File Size: | 443155 | | Last Modified: | Apr 24 21:24:03 2001 |
| MD5 Checksum: | 87a55fcb020303d4d8efe60317948c3a |
|
| /// File Name: |
attackwatch-0.0.1.tgz |
Description:
|
Attackwatch is intended to enhance the security of small private networks that are already protected by a restrictively configured firewall but which still have a few ports open. Attackwatch will analyze the firewall output in near-realtime and will run scripts in response to incoming packets that got logged.
| | File Size: | 8587 | | Last Modified: | Apr 22 14:32:02 2001 |
| MD5 Checksum: | ec92a6f2524a4b294d6cf9f451278d66 |
|
| /// File Name: |
check-ps-1.3.2.tar.gz |
Description:
|
Check-ps is a program that is designed to detect rootkit versions of ps that fail to tell you about selected processes. It currently requires /proc but other scanning methods can be implemented. The program will run in the background or one-shot mode. Check-ps has grown rather to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods. You are encouraged to check the signatures, available here.
| | Author: | Duncan Simpson | | Homepage: | http://checkps.alcom.co.uk | | Changes: | Includes extended kill scanning which will detect LKMs such as adore-0.34. Includes new tests to generate a list of PIDs by brute force. | | File Size: | 131883 | | Last Modified: | Apr 19 17:34:24 2001 |
| MD5 Checksum: | badf7b5b86b9afda47f8ff0f125253b1 |
|
| /// File Name: |
riley-0.1.tar.gz |
Description:
|
Unavailable.
| | File Size: | 0 | | Last Modified: | Mar 28 19:49:42 2001 |
| MD5 Checksum: | d41d8cd98f00b204e9800998ecf8427e |
|
| /// File Name: |
sentinel-1.2.1.tar.gz |
Description:
|
Sentinel is a fast file integrity checker similar to Tripwire or ViperDB with built in authentication using the RIPEMD 160 bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database.
| | Homepage: | http://zurk.sourceforge.net/zfile.html | | Changes: | A -fullcheck option has been added which allows you to check for files added to the drive even if they are not in the database. The efficiency and speed of the algorithms for checking and database creation have also been improved, allowing it to work at or near a hard disk's max throughput limits. | | File Size: | 407678 | | Last Modified: | Mar 21 17:11:09 2001 |
| MD5 Checksum: | 1dd56b8670f857d7f1299bbe7dd3ced7 |
|
| /// File Name: |
viperdb-0.9.8.tar.gz |
Description:
|
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
| | Author: | Peter Surda | | Homepage: | http://panorama.sth.ac.at/viperdb | | Changes: | Bug fixes. | | File Size: | 8912 | | Last Modified: | Mar 16 20:36:17 2001 |
| MD5 Checksum: | 06e45f947a32c646357c66ef6e6cec25 |
|
| /// File Name: |
viperdb-0.9.7.tar.gz |
Description:
|
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
| | Author: | Peter Surda | | Homepage: | http://panorama.sth.ac.at/viperdb | | Changes: | This release adds bugfixes in symlink handling, improved detecting of corrupted databases, and a directory-specific option to ignore mtime changes. Upgrading and re-initing of databases is recommended. | | File Size: | 8976 | | Last Modified: | Mar 9 21:18:05 2001 |
| MD5 Checksum: | e521d9db7b17c8e4294fb38937128d88 |
|
| /// File Name: |
viperdb-0.9.6.tar.gz |
Description:
|
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
| | Author: | Peter Surda | | Homepage: | http://panorama.sth.ac.at/viperdb | | Changes: | Fixes for bugs introduced by the 0.9.5 rewrite, new/strengthened internal security checks, and minor updates. | | File Size: | 8488 | | Last Modified: | Mar 5 19:11:27 2001 |
| MD5 Checksum: | 49900d5fbfa3364c1025430316cac4d6 |
|
| /// File Name: |
tripwire-2.3.1-2.tar.gz |
Description:
|
Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
| | Homepage: | http://sourceforge.net/projects/tripwire | | Changes: | Support for FreeBSD 4.2 and bug fixes. | | File Size: | 1514955 | | Last Modified: | Mar 4 22:59:38 2001 |
| MD5 Checksum: | 6a15fe110565cef9ed33c1c7e070355e |
|
| /// File Name: |
mod_id_1.0.tar.gz |
Description:
|
Mod_Id is an interesting Apache module which acts as an IDS, watching for suspicious URLs.
| | Author: | Burak | | Homepage: | http://www.hacettepe.edu.tr/~burak | | File Size: | 31774 | | Last Modified: | Feb 27 02:19:40 2001 |
| MD5 Checksum: | 695e16ef65ffaf086eaca589a1f92212 |
|
| /// File Name: |
viperdb-0.9.3.tar.gz |
Description:
|
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
| | Author: | Peter Surda | | Homepage: | http://panorama.sth.ac.at/viperdb | | File Size: | 5997 | | Last Modified: | Feb 23 17:37:31 2001 |
| MD5 Checksum: | 2170734913963ac2e62e00288ba14cb9 |
|
| /// File Name: |
md5mon-1.3a.tar.gz |
Description:
|
MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
| | Homepage: | http://members.linuxstart.com/~winitzki/md5mon.html | | Changes: | A bugfix where checksums were not updated correctly in some cases. | | File Size: | 11556 | | Last Modified: | Feb 23 17:26:09 2001 |
| MD5 Checksum: | 056b68dce82a2bededb23634ffa2a935 |
|
| /// File Name: |
integrit-1.06.06.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | The byte-order problem was solved, allowing integrit to run properly on big-endian machines. An RPM spec file was added. The report includes more information and is more readable. More error checking and code enhancements were added. Portability has been improved after abandoning readdir_r. | | File Size: | 156974 | | Last Modified: | Feb 20 18:03:22 2001 |
| MD5 Checksum: | 8d7f2abfb648a69e89778c72466c63ed |
|
| /// File Name: |
monitord-3.5beta.tar.gz |
Description:
|
The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
| | Homepage: | http://sourceforge.net/projects/monitord | | File Size: | 32437 | | Last Modified: | Feb 8 18:26:38 2001 |
| MD5 Checksum: | 20a7943b800f42d9b43dc7611a2d243d |
|
| /// File Name: |
ICU-0.3.tar.gz |
Description:
|
ICU (Integrity Checking Utility) is a PERL program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
| | Homepage: | http://nitzer.dhs.org/ICU/ICU.html | | Changes: | Bug fixes and new features. | | File Size: | 43464 | | Last Modified: | Feb 4 22:12:45 2001 |
| MD5 Checksum: | 1bffbcb530e6a5967763d9c91faa5c28 |
|
| /// File Name: |
tripwire-2.3.0-50.tar.gz |
Description:
|
Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
| | Homepage: | http://www.tripwire.org | | Changes: | Security fixes with respect to temp file handling, as well as a new global email option. | | File Size: | 1766895 | | Last Modified: | Feb 4 18:44:45 2001 |
| MD5 Checksum: | f244f48a3bf052acdc9c2341210285eb |
|
| /// File Name: |
prelude-0.1.tar.gz |
Description:
|
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
| | Homepage: | http://www.linux-mandrake.com/prelude | | File Size: | 723657 | | Last Modified: | Jan 30 15:16:16 2001 |
| MD5 Checksum: | f95b2b2bb5e3231dba913df8bf2d4a94 |
|
| /// File Name: |
integrit-1.05.03.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | First stable release! Includes a new tool, i-ls, that allows users to view integrit-related information (ctime, SHA-1 checksum, etc.) for live files. Also, there are improvements to the portability of the installation procedures. | | File Size: | 152992 | | Last Modified: | Jan 22 21:41:35 2001 |
| MD5 Checksum: | 7ad01d9e2bac28d47e439ea23d1d7cbf |
|
| /// File Name: |
FCheck_2.7.55.tar.gz |
Description:
|
FCheck is a very stable perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Michael A. Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | Changes: | Fixed bugs in the "Exclude" routine. | | File Size: | 32398 | | Last Modified: | Dec 11 22:01:49 2000 |
| MD5 Checksum: | 9920799b580d5d729c561a7d69abdcc8 |
|
| /// File Name: |
ICU-0.1.tar.gz |
Description:
|
ICU (Integrity Checking Utility) is a PERL program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
| | Homepage: | http://nitzer.dhs.org/ICU/ICU.html | | File Size: | 35881 | | Last Modified: | Dec 8 03:21:55 2000 |
| MD5 Checksum: | ed1e20bda4f0c0ba76e78556712282b9 |
|