Section: .. / UNIX / IDS /
| /// File Name: |
icmpinfo-1.11.tar.gz |
Description:
|
Tracks ICMP packets, allowing you to proactively watch for suspicious behaviour, mainly ICMP unreachables.
| | File Size: | 13712 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | 65c3acdf2f87f9ab9aa1a055d76f8976 |
|
| /// File Name: |
shoneypot-0.2-3.tar.gz |
Description:
|
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
| | Homepage: | http://sourceforge.net/projects/single-honeypot | | Changes: | Pop3 target added and commands of the SMTP target have been added and modified. | | File Size: | 13302 | | Last Modified: | Sep 20 12:04:59 2002 |
| MD5 Checksum: | d449ea1d6be95ffea39501e2f044361e |
|
| /// File Name: |
overcr-1.49.02.tar.gz |
Description:
|
OverCR 1.49.02 - OverCR is a remote systems monitoring tool that utilizes a simple language for queries. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother Monitoring system.
| | Author: | Eric Molitor | | Changes: | Configuration file support completed, minor documentation fixes, minor cleaning and formating of source. | | File Size: | 13185 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | 6ae461e9e01a97b6e47695f87462fd1b |
|
| /// File Name: |
nabou-1.2.tar.gz |
Description:
|
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
| | Author: | Thomas Linden | | Homepage: | http://www.0x49.org/nabou/ | | File Size: | 12991 | | Last Modified: | Aug 7 14:58:59 2000 |
| MD5 Checksum: | 98aac6f969c6ffe61a5e4618e2a644a4 |
|
| /// File Name: |
overcr-1.49.01.tar.gz |
Description:
|
OverCR 1.49.01 - OverCR is a simple system monitoring tool that utilizes a simple language for queries. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother Monitoring system.
| | Author: | Eric Molitor | | Changes: | First 1.50 beta featuring new config file based configuration. "System Monitoring is an important and expensive task. Fortunately free tools such as Big Brother have become available. Unfortunately these tools are not free in the GNU sense. In addition the shell script format of Big Brother leaves something to be desired in my opinion. Therefore I've started writing Over-CR, a GPL Network Monitoring software."--Eric Molitor | | File Size: | 12948 | | Last Modified: | Aug 16 20:02:41 1999 |
| MD5 Checksum: | a68cee6f17be4e0806ee23797f112899 |
|
| /// File Name: |
icmp.tar.gz |
Description:
|
IMON is a powerful tool to monitor/analyze ICMP traffic on your LAN. With IMON you are able to analyze ICMP messages going through your network interface.
| | Author: | Stealth of KALUG | | File Size: | 12876 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 40507b1604c5b53e75a9b502d6972865 |
|
| /// File Name: |
logscanner-0.9b.tar.gz |
Description:
|
The purpose behind the log scanner is to enable a system administrator to set up a log parser that will contact them (or others) when predefined anomalies are discovered in a log file. web site
| | File Size: | 12872 | | Last Modified: | Aug 16 20:02:28 1999 |
| MD5 Checksum: | 8a0e758de25617d30c98bd5e30d3e899 |
|
| /// File Name: |
gogmagog-2.1.tar.gz |
Description:
|
Unix systems integrity monitor used to ensure core resources are left unaltered on a given host. gogmagog is composed of highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind. This version has a GogView GUI that makes it much easier to monitor multiple hosts.
| | Author: | C. Parisel | | File Size: | 12867 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 16127b758ce2654bbf7ab501f1e7679b |
|
| /// File Name: |
viperdb_v0.9.1.pl.txt |
Description:
|
ViperDB was created as a smaller and faster option to Tripwire. ViperDB does not use a fancy all-in-one database to keep records. Instead it uses a plaintext db which is stored in each "watched" directory. By using this there is no real one attack point for an attacker to focus his attention on. This coupled with the running of ViperDB every 5 minutes (via cron root job) decreases that likelihood that an attacker will be able to modify your "watched" filesystem while ViperDB is monitoring your system.
| | Author: | J-Dog | | Homepage: | http://www.resentment.org/projects/viperdb/ | | Changes: | Ignore file functionality which allows user to specify files to ignore added. Updated code works better on solaris, updated ls options to lAcr for solaris instead of standard laAs. Splitting permissions code cleaned out into owner, group, all perms. | | File Size: | 12573 | | Last Modified: | Feb 22 18:40:58 2000 |
| MD5 Checksum: | 3018ff63bf0aa467d1e34769ab332416 |
|
| /// File Name: |
gogmagog-2.tar.gz |
Description:
|
Unix systems integrity monitor used to ensure core resources are left unaltered on a given host. gogmagog is composed of highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind. This version has a GogView GUI that makes it much easier to monitor multiple hosts.
| | Author: | C. Parisel | | File Size: | 12342 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 928bfc3edd38b1e18d4863a7e36d8cbe |
|
| /// File Name: |
instmon-1.2.tar.gz |
Description:
|
instmon is a shell script that monitors installations and detects the files that were added or modified. It can be very helpful for packages that only come in source form. It can be used by system administrators and simple users alike. instmon home page
| | File Size: | 12330 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 81be9cb76ff83503f46dedd5c0b127bc |
|
| /// File Name: |
ifstatus2.2.tar.gz |
Description:
|
Ifstatus checks all network interfaces on the system, and reports any that are in debug or promiscuous mode, which may be a sign of unauthorized access to the system.
| | Author: | David A. Curry | | File Size: | 12295 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 3da19339275d0f06fb48620f79ef6499 |
|
| /// File Name: |
shoneypot-0.2.tar.gz |
Description:
|
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
| | Homepage: | http://sourceforge.net/projects/single-honeypot | | Changes: | Added install script, and added more responses to the SMTP target. | | File Size: | 12140 | | Last Modified: | Aug 14 02:06:59 2002 |
| MD5 Checksum: | 12b81eaafcaad1dde6291f4c1b79823c |
|
| /// File Name: |
darc-0.3.47.tgz |
Description:
|
Darc is a utility for managing large Aide installations in heterogeneous environments. It eliminates the need to maintain read-only media on every system, and provides unified reporting on filesystem changes across all machines.
| | Author: | Jacob Martinson | | Homepage: | http://icculus.org/projects/darc/ | | File Size: | 11683 | | Last Modified: | Apr 29 06:11:10 2006 |
| MD5 Checksum: | 64d89f53bfc800b92b3b8fea9903b4d5 |
|
| /// File Name: |
md5mon-1.3a.tar.gz |
Description:
|
MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
| | Homepage: | http://members.linuxstart.com/~winitzki/md5mon.html | | Changes: | A bugfix where checksums were not updated correctly in some cases. | | File Size: | 11556 | | Last Modified: | Feb 23 17:26:09 2001 |
| MD5 Checksum: | 056b68dce82a2bededb23634ffa2a935 |
|
| /// File Name: |
md5mon-1.3.tar.gz |
Description:
|
MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
| | Homepage: | http://members.linuxstart.com/~winitzki/md5mon.html | | File Size: | 11510 | | Last Modified: | Nov 3 18:53:59 2000 |
| MD5 Checksum: | e7d077559fe8383a728fca0c1cb1b734 |
|
| /// File Name: |
watchfile-1.0.tgz |
Description:
|
Watchfile will display a list of specified files on the screen, and continually update their stats. The stats displayed (i.e. file size, modified time, owner, etc.) can be configured on the command-line along with the update frequency.
| | Author: | Nick 'Zaf' Clifford | | Homepage: | http://www.nrc.co.nz/Zaf/apps/ | | Changes: | Finally out of beta. The ability to change the order of columns displayed has been added. Many bugs fixed. | | File Size: | 11461 | | Last Modified: | Feb 8 20:39:41 2000 |
| MD5 Checksum: | 0c4cdaad12fb03e23340849e170ebe19 |
|
| /// File Name: |
darc-0.3.42.tgz |
Description:
|
Darc is a utility for managing large Aide installations in heterogeneous environments. It eliminates the need to maintain read-only media on every system, and provides unified reporting on filesystem changes across all machines.
| | Author: | Jacob Martinson | | Homepage: | http://icculus.org/projects/darc/ | | File Size: | 11273 | | Last Modified: | Apr 25 18:30:27 2006 |
| MD5 Checksum: | 6f2b6fe69bb39970a14925a415612724 |
|
| /// File Name: |
tailbeep-0.44.tar.gz |
Description:
|
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).
| | Author: | Tommy. | | Homepage: | http://soomka.com | | Changes: | Added make rh60 so people with red hat 6.x can make binaries for glibc20 systems. | | File Size: | 11098 | | Last Modified: | Nov 15 16:27:00 2000 |
| MD5 Checksum: | 015101471825fd96f8214aea4fc96c42 |
|
| /// File Name: |
netbusd.c |
Description:
|
A UNIX clone of Netbuster for Windows 95. Logs people attempting to exploit netbus.
| | Author: | BigDawg | | File Size: | 11063 | | Last Modified: | Aug 16 20:02:37 1999 |
| MD5 Checksum: | bd0bce4c55db3aeec2f2e0f404f5d2e7 |
|
| /// File Name: |
logwatch-0.1.tgz |
Description:
|
Logwatch provides a client/server architecture for viewing logfiles on multiple machines on a network. With a single daemon process running on each participating computer, logfiles can be tailed from any authorized machine. Multiple logfiles on multiple machines can be followed with a single client process by specifying the machines and files to follow.
| | Author: | Jeremy Weatherford | | File Size: | 10935 | | Last Modified: | Nov 8 20:47:44 1999 |
| MD5 Checksum: | 418b659d5a8c3cc2ddbcc0d415f82710 |
|
| /// File Name: |
tailbeep-0.43.tar.gz |
Description:
|
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).
| | Author: | Tommy. | | Homepage: | http://soomka.com | | Changes: | Added -F (frequency) and -M (milliseconds) option, added -x "command" option, cleaned up the help screen, and you can use -p and -P at the same time now if you want both the entire line and a predefined message. | | File Size: | 10930 | | Last Modified: | Oct 27 17:13:20 1999 |
| MD5 Checksum: | 15a439c9a8a5db135a96122b367ceb9b |
|
| /// File Name: |
ninja-0.1.2.tar.bz2 |
Description:
|
Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user.
| | Author: | Tom Rune Flo | | Homepage: | http://forkbomb.org/ninja/ | | Changes: | Minor updates. | | File Size: | 10796 | | Last Modified: | Sep 1 02:57:33 2005 |
| MD5 Checksum: | 3a94d665869c2c87adf194662353a211 |
|
| /// File Name: |
watchfile-0.9.tgz |
Description:
|
Watchfile will display a list of specified files on the screen, and continually update their stats. The stats displayed (i.e. file size, modified time, owner, etc.) can be configured on the command-line along with the update frequency.
| | Author: | Nick 'Zaf' Clifford | | Homepage: | http://www.nrc.co.nz/Zaf/apps/ | | File Size: | 10746 | | Last Modified: | Jan 11 17:50:37 2000 |
| MD5 Checksum: | 54465d5aa319edcf88a3e7d0eed07beb |
|
| /// File Name: |
filetraq-0.2.tgz |
Description:
|
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
| | Author: | Jeremy Weatherford | | Homepage: | http://filetraq.xidus.net | | Changes: | Comment lines are now permitted in the config file, wildcard matches are now possible, and entire directories can be checked. | | File Size: | 10659 | | Last Modified: | Jan 4 03:50:01 2000 |
| MD5 Checksum: | 91ea3b7350d795e2ad6e9d6da0954bc7 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
