Section: .. / UNIX / IDS /
| /// File Name: |
sid-0.4.1.tar.gz |
Description:
|
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
| | Author: | belpo | | Homepage: | http://sid.sourceforge.net | | Changes: | Various updates. | | File Size: | 55602 | | Last Modified: | Feb 22 22:30:39 2005 |
| MD5 Checksum: | 727dab87560a8f57a1f2d21b140a6e1a |
|
| /// File Name: |
libnids-1.20.tar.gz |
Description:
|
Libnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, and you have got E-component ready - you can focus on implementing other parts of NIDS.
| | Author: | Nergal | | Homepage: | http://libnids.sourceforge.net | | Changes: | Added wscale option parsing; surprisingly, it seems to be in some use, added nids_dispatch(), for systems which do not ignore pcap timeout, and the ability to specify hosts/networks for which we do not check checksums. | | File Size: | 119226 | | Last Modified: | Feb 18 00:18:56 2005 |
| MD5 Checksum: | a36cbd45cbada12420ecc8f82a7e0852 |
|
| /// File Name: |
radmind-1.4.1.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Build fix. | | File Size: | 335094 | | Last Modified: | Jan 29 03:58:40 2005 |
| MD5 Checksum: | a7c1bf571df3d13c3fe4c13abb3ff858 |
|
| /// File Name: |
radmind-1.4.0.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Added various support and bug fixes. | | File Size: | 342647 | | Last Modified: | Jan 18 01:55:03 2005 |
| MD5 Checksum: | 9e2eb883e5c4cfc6495f169594f4d180 |
|
| /// File Name: |
sid-0.4.0.tar.gz |
Description:
|
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
| | Author: | belpo | | Homepage: | http://sid.sourceforge.net | | Changes: | Various updates. | | File Size: | 56227 | | Last Modified: | Jan 10 20:37:24 2005 |
| MD5 Checksum: | 0c2ef91ee3b036381b08ebb89f2977ef |
|
| /// File Name: |
logcheck_1.2.33.tar.gz |
Description:
|
Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
| | Author: | Todd Troxell | | Homepage: | http://logcheck.org/ | | Changes: | Various updates. See changelog. | | File Size: | 88836 | | Last Modified: | Jan 10 20:33:12 2005 |
| MD5 Checksum: | d345b1f8f31a744cc9c966a6d34f4025 |
|
| /// File Name: |
samhain-2.0.3.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Multiple bug fixes. | | File Size: | 1029400 | | Last Modified: | Dec 30 04:46:31 2004 |
| MD5 Checksum: | 2d244cc22f939585061351bad0847760 |
|
| /// File Name: |
samhain-2.0.2a.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Fixes a buffer overflow condition. | | File Size: | 1027120 | | Last Modified: | Nov 10 03:37:17 2004 |
| MD5 Checksum: | ce63499179b8d71ee05efe7c72346be4 |
|
| /// File Name: |
logcheck_1.2.31.tar.gz |
Description:
|
Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
| | Author: | Todd Troxell | | Homepage: | http://logcheck.org/ | | File Size: | 86528 | | Last Modified: | Nov 10 03:30:12 2004 |
| MD5 Checksum: | f14efaf0494e4a2ce2840cfd8d7cf205 |
|
| /// File Name: |
sherpa-0.1.8.tgz |
Description:
|
sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.
| | Author: | Rick Crelia | | Homepage: | http://sherpa.lavamonkeys.com/ | | Changes: | Bug fixes and some optimizations. | | File Size: | 72308 | | Last Modified: | Nov 4 23:22:23 2004 |
| MD5 Checksum: | f19a47d6634f4ccea7dedef052a1b7c8 |
|
| /// File Name: |
samhain-2.0.1.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 1026747 | | Last Modified: | Nov 1 20:54:35 2004 |
| MD5 Checksum: | 32f380ef3a176e2760239947e6aa9336 |
|
| /// File Name: |
beltane-1.0.7.tar.gz |
Description:
|
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
| | Homepage: | http://la-samhna.de/beltane | | Changes: | Fixed processing of suidcheck/kernel updates. | | File Size: | 173301 | | Last Modified: | Nov 1 20:53:36 2004 |
| MD5 Checksum: | e173b4738b07dd9c305b9cd3fd6e6309 |
|
| /// File Name: |
pads-1.1.3.tar.gz |
Description:
|
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
| | Author: | Matt Shelton | | Homepage: | http://passive.sourceforge.net/ | | Changes: | MAC Address Vendor Resolution, PADS will now attempt to resolve the vendor name of a MAC address, bug fixes. | | File Size: | 628536 | | Last Modified: | Oct 7 00:47:34 2004 |
| MD5 Checksum: | 659063d820ebea77f64aaab28df7e806 |
|
| /// File Name: |
samhain-1.8.12a.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 963047 | | Last Modified: | Oct 7 00:26:19 2004 |
| MD5 Checksum: | 3af68af1f2cb048c65a4ed513fe10799 |
|
| /// File Name: |
radmind-1.3.2.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Various bug fixes and some support added. | | File Size: | 516271 | | Last Modified: | Oct 1 12:43:44 2004 |
| MD5 Checksum: | d94620d0808fd85e71112ce4caec798f |
|
| /// File Name: |
sid-0.3.10.tar.gz |
Description:
|
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
| | Author: | belpo | | Homepage: | http://sid.sourceforge.net | | Changes: | Various updates. | | File Size: | 49491 | | Last Modified: | Sep 21 04:16:43 2004 |
| MD5 Checksum: | 21f8d67b76623b7587ec469d2a3d141d |
|
| /// File Name: |
Libnids-W32-1.19.tar.gz |
Description:
|
Libnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, and you have got E-component ready - you can focus on implementing other parts of NIDS.
| | Author: | Nergal | | Homepage: | http://libnids.sourceforge.net | | Changes: | Ported to Win32 by Goldie. | | File Size: | 166773 | | Last Modified: | Sep 20 23:20:52 2004 |
| MD5 Checksum: | 3163f4f5ac4548afc204f71ec603d61f |
|
| /// File Name: |
samhain-1.8.11.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 761344 | | Last Modified: | Sep 9 02:04:53 2004 |
| MD5 Checksum: | f5c9fd4c9b0b45e312af0a00cbd85256 |
|
| /// File Name: |
pads-1.1.2.tar.gz |
Description:
|
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
| | Author: | Matt Shelton | | Homepage: | http://passive.sourceforge.net/ | | Changes: | Bug fixes. Code optimization. New signatures. | | File Size: | 559111 | | Last Modified: | Sep 8 18:11:09 2004 |
| MD5 Checksum: | 8eb71f3fa800e5ace5d51fe907d0901f |
|
| /// File Name: |
impost-0.1rc1.tar.gz |
Description:
|
Impost is a multi-purpose scriptable network protocol security auditing tool designed for analyzing network attacks and exploitations while operating as a honey pot or packet sniffer.
| | Author: | ziplock | | Homepage: | http://impost.sourceforge.net/ | | Changes: | New features and various algorithmic improvements. | | File Size: | 369524 | | Last Modified: | Aug 30 23:34:33 2004 |
| MD5 Checksum: | 41c2e3e9c2b19df1a0f2e20b7c6a565f |
|
| /// File Name: |
nabou-2.4.tar.gz |
Description:
|
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
| | Author: | Thomas Linden | | Homepage: | http://www.nabou.org | | Changes: | Security bug fix. | | File Size: | 76345 | | Last Modified: | Aug 30 23:01:20 2004 |
| MD5 Checksum: | 508fc306ff5816970986f5d8a320483d |
|
| /// File Name: |
pads-1.1.1.tar.gz |
Description:
|
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
| | Author: | Matt Shelton | | Homepage: | http://passive.sourceforge.net/ | | Changes: | Fixed a stack overflow. | | File Size: | 557311 | | Last Modified: | Aug 18 23:06:46 2004 |
| MD5 Checksum: | c30af9321d9d442586522e8d0dcf01c4 |
|
| /// File Name: |
radmind-1.3.1.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Various feature enhancements and bug fixes. | | File Size: | 515023 | | Last Modified: | Aug 17 21:35:11 2004 |
| MD5 Checksum: | c1a1c67bb9ec254db3432be2ee6d8dc5 |
|
| /// File Name: |
pads-1.1.tar.gz |
Description:
|
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
| | Author: | Matt Shelton | | Homepage: | http://passive.sourceforge.net/ | | File Size: | 557605 | | Last Modified: | Aug 16 00:04:54 2004 |
| MD5 Checksum: | 47dbccdf65b5571661984f2ac97bc5af |
|
| /// File Name: |
sid-0.3.7.tar.gz |
Description:
|
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
| | Author: | belpo | | Homepage: | http://sid.sourceforge.net | | Changes: | Various updates. | | File Size: | 49564 | | Last Modified: | Aug 9 23:30:41 2004 |
| MD5 Checksum: | c9a3a9d58f24491cd8e8dd674a575eb3 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
