Section: .. / UNIX / IDS /
| /// File Name: |
pmids-1.3.tgz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://www.darkie.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=22&ttitle=Poor_Man's_IDS | | Changes: | New self-check portion, a new ability to pull signatures from a remote location (default is the author's Web site, and you must have wget for this feature to work). | | File Size: | 3127 | | Last Modified: | Jun 12 23:13:49 2002 |
| MD5 Checksum: | 6bc9015ccff5dd993e1b7d4549c80f2a |
|
| /// File Name: |
sfck.tar.gz |
Description:
|
Sfck is a program that locates file changes on your linux system. It keeps a database which you can put on a read-only disk to make sure no changes take place from a hacker/intruder. When a file change is detected it mails root.
| | Author: | Vision | | File Size: | 3027 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 059733c5a98c11ca907f0160ee6b3a74 |
|
| /// File Name: |
nannie-0.9.tar.gz |
Description:
|
Nannie's basic purpose is to watch system files that should not be changed, at least in theory. It monitors them for change in inode, size, etc notifies you if a change occurs.
| | Author: | Cole Tuininga | | File Size: | 3014 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 525a3abec51832be1e49aa54a828023f |
|
| /// File Name: |
triplight.tar.gz |
Description:
|
Triplight 0.01 - Triplight is an intrusion detection, and integrity monitor system. It is a simpler version of tripwire, developed in perl. This release is rather unpolished (you need to hack up a crontab file, and to set a file path in the perl source), but fully functional. To accomplish it's design goals, it reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, then it should provide an infallible record against remotely installed trojan horses. Thus by monitoring the integrity of the system, triplight will serve as an aid in intrusion detection.
| | Author: | Snupe | | Homepage: | http://linux.rice.edu/magic/triplight | | File Size: | 2993 | | Last Modified: | Jan 21 19:52:19 2000 |
| MD5 Checksum: | 65c3eabda7b87a4648e9fc73dd4c62df |
|
| /// File Name: |
checksums-1.0.tar.gz |
Description:
|
Checksums takes a file of predetermined MD5 checksums and compares with the current sum. It can be installed as a command line tool, or as a CGI which will allow you to upload the sums file remotely. In either case it is a useful tool to detect changes in your system files, such as a trojan.
| | Author: | Mike | | File Size: | 2865 | | Last Modified: | Jan 10 15:15:12 2000 |
| MD5 Checksum: | 0510644d9d3ff548bfd58f9c0ef75b13 |
|
| /// File Name: |
ng.sh |
Description:
|
ng.sh (netgaurd v1a1) uses tcpdump monitor for common attacks and then activates ipfwadm.
| | Author: | Ben-z | | File Size: | 2700 | | Last Modified: | Aug 16 20:02:45 1999 |
| MD5 Checksum: | 6b861113bde69593d7a9c777c34dde22 |
|
| /// File Name: |
Gbs.c |
Description:
|
Grazer1's Bait System opens a specific port and logs connections to it. Simple and ghetto way to log Netbus requests.
| | Author: | W. ter Maat | | File Size: | 2599 | | Last Modified: | Feb 22 18:40:58 2000 |
| MD5 Checksum: | eb7bffeff5bf8f893bbeb14cdb2f2649 |
|
| /// File Name: |
icmpmon.c |
Description:
|
icmpmon will show you all ICMP packets reaching your box, which could be useful in detecting attacks/portscans sometimes.
| | Author: | CyberPsychotic | | File Size: | 2579 | | Last Modified: | Aug 16 20:02:37 1999 |
| MD5 Checksum: | d5afe56be732dcec59d8890f134620f6 |
|
| /// File Name: |
mat.lsm |
Description:
|
Unavailable.
| | File Size: | 2573 | | Last Modified: | Aug 16 20:02:17 1999 |
| MD5 Checksum: | 671c7a745de08df0a6873076c3d77e4f |
|
| /// File Name: |
openports-0.2.tar.gz |
Description:
|
OpenPorts is a simple script which can be run as a cron job every 5 minutes, checking the open and listening ports on the local system with netstat. If there is a difference since the last time it was run, an e-mail is sent to the system administrator containing the list of new open ports.
| | Author: | Sven Darkman Michaels | | Changes: | Better log analysis, and printing of only the changes. | | File Size: | 2263 | | Last Modified: | Oct 15 18:38:15 2000 |
| MD5 Checksum: | 76384d12f67d37cb17e9d0088d2ee771 |
|
| /// File Name: |
firesoft.tar.gz |
Description:
|
firesoft is a collection of Perl scripts for viewing snort-generated logs and ipchains logs. The package includes a bar chart creator from ipchains logs, to quickly view who has been scanning you the most.
| | Author: | Angelos Karageorgiou | | File Size: | 2026 | | Last Modified: | Nov 8 20:12:30 1999 |
| MD5 Checksum: | 8c68337186a4666bd70651c5764ed602 |
|
| /// File Name: |
seclogv03.tar.gz |
Description:
|
Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information and notify you via email.
| | Author: | Dilusi0n | | Homepage: | http://www.gotr00t.com/~dilusi0n/ | | Changes: | Major rewrite, all system calls have been removed, works much faster now, more secure, saves backups of the reports/mails it creates. | | File Size: | 1975 | | Last Modified: | Apr 3 20:02:57 2000 |
| MD5 Checksum: | 6ef5106814689b8a023946eaa3002edb |
|
| /// File Name: |
sploitmon.pl |
Description:
|
sploitmon.pl is a simple yet sophisticated perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 1902 | | Last Modified: | Jun 29 11:29:47 2000 |
| MD5 Checksum: | aa2fb5d66590141e34932b7013cb78d9 |
|
| /// File Name: |
tmp-audit.tar.gz |
Description:
|
tmp-audit is a tool designed to log directory changes (i.e /tmp). This release includes a signal-oriented interface instead sleep().
| | Author: | Proof Of Concept | | File Size: | 1823 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 4c8e94167bb2a9c5d2716be718c3dee8 |
|
| /// File Name: |
tcp_wrappers_7.6.BLURB |
Description:
|
Blurb for tcp_wrappers_7.6.tar.gz
| | File Size: | 1736 | | Last Modified: | Oct 5 18:31:44 1999 |
| MD5 Checksum: | 627fc45308e852c446c3606647fa8c34 |
|
| /// File Name: |
loginlog.c.gz |
Description:
|
Tails the wtmp file and reports all logins to syslog.
| | File Size: | 1713 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | c2b255849cc3e4300c46914c9f3e4268 |
|
| /// File Name: |
trappa.tar.gz |
Description:
|
Trappa detects a CGI scan and sends an alert message to syslog with the attackers IP+Web Browser. Works by installing decoy CGI scripts in the cgi-bin directory.
| | Author: | Narrow | | Homepage: | http://www.b0f.com | | File Size: | 1620 | | Last Modified: | May 7 18:26:54 2000 |
| MD5 Checksum: | 363448532830a960dc354287a21ad11f |
|
| /// File Name: |
suidshow.c |
Description:
|
suidshow.c is a linux lkm that will log any non-root user doing a setuid(0) or a setreuid(0,0) system call. CyberPsychotic
| | File Size: | 1594 | | Last Modified: | Oct 26 20:23:28 1999 |
| MD5 Checksum: | 241bfda6ea160e113020cfd540674192 |
|
| /// File Name: |
sockstat.tar.gz |
Description:
|
Simple C program written to display open ports on a given host. Useful for when things like netstat and sockstat might be backdoored.
| | Author: | duriel | | File Size: | 1583 | | Last Modified: | Jul 9 07:42:07 2006 |
| MD5 Checksum: | 69e90ab3d31c5acc04a8263c800cee6e |
|
| /// File Name: |
0x333hpl.c |
Description:
|
0x333hpl.c compares pids in /proc with ps aux output.
| | Author: | nsn | | Homepage: | http://www.0x333.org | | File Size: | 1569 | | Last Modified: | Apr 1 03:16:45 2003 |
| MD5 Checksum: | 5f2a93e4bdce690ddebb8ea38d6d2320 |
|
| /// File Name: |
mon-0.38.12.tar.gz.sign |
Description:
|
Unavailable.
| | File Size: | 344 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | ad94b4ce8e010a8c818e5ceb65fe5281 |
|
| /// File Name: |
mon-0.38pre7.tar.gz.sign |
Description:
|
PGP signature for mon 0.38pre7.
| | File Size: | 344 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | a421f18650959c0c54f9dc396bf301f2 |
|
| /// Directory: |
/ lsof / |
Description:
|
Unavailable.
| | Total Files: | 35 | | Last Modified: | Sep 5 21:20:51 2007 |
|
| /// Directory: |
/ nidsbench / |
Description:
|
nidsbench is a network intrusion detection system test suite. nidsbench is being published in the hopes that a more precise testing methodology might be applied to network intrusion detection, which is still a black art at best. This release of nidsbench includes: fragrouter: Implement all IP fragmentation attacks outlined in T. Ptacek and T. Newsham's "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January, 1998. tcpreplay: Replay saved tcpdump(8) dumpfiles at arbitrary speeds. nidsbench is published under a BSD-style license, and has been tested on the following platforms: OpenBSD 2.x, FreeBSD 3.x, BSD/OS 2.x, Linux (2.x kernels), Solaris 2.x (tcpreplay only).
| | Author: | Anzen Computing | | Total Files: | 18 | | Last Modified: | Sep 5 21:20:54 2007 |
|
| /// Directory: |
/ samhain / |
Description:
|
Unavailable.
| | Total Files: | 17 | | Last Modified: | Sep 5 21:20:57 2007 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
