Section: .. / UNIX / IDS /
| /// File Name: |
servme.tar |
Description:
|
Servme is a small daemon that listens on a port and logs the contents of all incoming connections to a file. New release allows emulation of ssh, Apache, VS-FTPD, telnetd, and generic open ports.
| | Author: | Chris | | Homepage: | http://www.cr-secure.net | | File Size: | 20480 | | Last Modified: | Aug 7 16:18:37 2004 |
| MD5 Checksum: | c317394522eebf8b04cb1b4ff4cfe6b5 |
|
| /// File Name: |
nabou-1.4.tar.gz |
Description:
|
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
| | Author: | Thomas Linden | | Homepage: | http://www.0x49.org/nabou/ | | Changes: | Many bugs were fixed. Some new commandline flags were added: --quiet (report only changes) and --update (update a database record for a file). It can now check the disk usage of a directory, and you can now define your own checks using inline Perl scriptlets. | | File Size: | 20235 | | Last Modified: | Aug 16 23:21:52 2000 |
| MD5 Checksum: | c7d6f2938e846c94ae4796a2d37467be |
|
| /// File Name: |
ficc-1.2.tar.gz |
Description:
|
File Integrity Command & Control (FICC) helps system administrators manage multiple Tripwire installations across their network. It maintains MD5 hashes for the three key Tripwire files (the config file, executable, and TW database) for every system it monitors. It retrieves these key files from each system via SCP and compares the computed signature against the signatures in the FICC signature database. If all three signatures match the database, FICC then connects to the host via SSH and runs Tripwire.
| | Author: | Terry Ott | | Homepage: | http://www.firsttracks.net/ficc/overview.php | | Changes: | The "quick_check" option for hosts was added, allowing FICC to download only the MD5 executable for the target host. If the checksum of the remote MD5 executable is unchanged, FICC then runs the remote MD5 executable on the remaining files (the Tripwire executable, database, and config file), dramatically reducing bandwidth usage and runtime. | | File Size: | 19981 | | Last Modified: | Nov 24 14:56:11 2003 |
| MD5 Checksum: | 6fb5b94ff86b6ec9f3a03acaac29b769 |
|
| /// File Name: |
eoe232.tar.gz |
Description:
|
Eyes on Exec 2.32 is a set of tools which you can use to build your own host based IDS. It watches for programs getting exec'd and logs information about it to a file. Combined with perl this can be extremely powerful. Requires linux kernel 2.2.
| | Author: | S. Krahmer | | File Size: | 19754 | | Last Modified: | Nov 15 19:12:12 1999 |
| MD5 Checksum: | 1667d49e89e15406b5db030836e7d798 |
|
| /// File Name: |
slocate-1.6.tar.gz |
Description:
|
Secure Locate 1.6 - Secure locate provides a secure way to index and quickly search for files on your system. It uses incremental encoding just like GNU locate to compress its database to make searching faster, but it will also store file permissions and ownership so that users will not see files they do not have access to. It is a bit slower than the GNU locate, but thats the price for security.
| | Author: | Kevin Lindsay. | | Changes: | Optimized some code to make updating the database much faster, patched to allow smoother installation on FreeBSD, and some other minor bug fixes. | | File Size: | 19413 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 6096f7b0e4c4761bb2257dd83405bdb9 |
|
| /// File Name: |
whowatch-1.3.tar.gz |
Description:
|
Whowatch is a ncurses who-like utility that displays information about the users currently logged on to the machine, in real-time. Besides standard information (login name, tty, host, user's process), the type of the connection (ie. telnet or ssh) is shown. You can toggle display between users' command or idle time. You can also view processes tree and send INT and KILL signals.
| | File Size: | 19175 | | Last Modified: | Dec 10 07:25:20 1999 |
| MD5 Checksum: | cb0547a0f61d85a19b2929e2bdd0f644 |
|
| /// File Name: |
whowatch-1.3.1.tar.gz |
Description:
|
Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ascii graphics.
| | Author: | Michal Suszycki | | Homepage: | http://wizard.ae.krakow.pl/~mike/ | | Changes: | Man page update, rpm package available, small bug fixes. | | File Size: | 19103 | | Last Modified: | Feb 29 04:19:38 2000 |
| MD5 Checksum: | 40ecee9cf96ea635b78972d8dde8863e |
|
| /// File Name: |
portmap_5beta.tar.gz |
Description:
|
See above.
| | File Size: | 18702 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | 781e16ed4487c4caa082c6fef09ead4f |
|
| /// File Name: |
slocate-1.5.tar.gz |
Description:
|
Secure Locate 1.5 - Secure locate provides a secure way to index and quickly search for files on your system. It uses incremental encoding just like GNU locate to compress its database to make searching faster, but it will also store file permissions and ownership so that users will not see files they do not have access to. It is a bit slower than the GNU locate, but thats the price for security.
| | Author: | Kevin Lindsay. | | Changes: | A couple of bug fixes but mostly new features. You can now search using basic POSIX regular expressions. It should also be noted that Redhat 6.0 has switched from GNU Locate to Secure Locate as the default filesystem indexing/searching mechanism. | | File Size: | 18683 | | Last Modified: | Aug 16 20:02:45 1999 |
| MD5 Checksum: | 15ad0eebaf97032015c8de884c1c238d |
|
| /// File Name: |
nettest-1.1.tar.gz |
Description:
|
nettest 1.1 - Nettest is a program which monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down. It's great for xDSL/Cable/Mission Critical Network Connections.
| | Author: | Rene Chaddock. | | Changes: | Fixed bug where pingnumber exibited other (unwanted) behaviour, fixed bug which caused nettest to crash under certain situations, more reliable email-sending code, added retrytime variable which allows nettest to try connection more frequently when connection is actually down. | | File Size: | 18681 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | f233bf84fc53e84eda01124435b36dea |
|
| /// File Name: |
shoneypot-0.2-7.tar.gz |
Description:
|
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
| | Homepage: | http://sourceforge.net/projects/single-honeypot | | File Size: | 18651 | | Last Modified: | Apr 5 16:11:00 2004 |
| MD5 Checksum: | 7396dfe31a9485dcd5bb023c7dfb93bd |
|
| /// File Name: |
alert_1.3.tar |
Description:
|
IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrustion Detection into your firewall. Features include: Automated alerting, logging, and archiving, Automated blocking of attacking source, Automated identification and email remote site, and Installation and test script. Ver 1.3 Optimized for performance, over 50% speed increase. Documentation here.
| | Author: | Lance Spitzner | | Homepage: | http://www.enteract.com/~lspitz/ | | File Size: | 18432 | | Last Modified: | Nov 29 14:22:24 1999 |
| MD5 Checksum: | 59ead035a2a3d0d0079ebc74ec132664 |
|
| /// File Name: |
trafshow-1.3.tar.gz |
Description:
|
Ncurses based IP traffic monitoring software.
| | File Size: | 18211 | | Last Modified: | Aug 16 20:02:25 1999 |
| MD5 Checksum: | 2c05bd0721c4a8caf4180a8c03fa4d75 |
|
| /// File Name: |
autobuse-snap918416038.tar.gz |
Description:
|
Autobuse - snapshot918416038 - Autobuse is a log-monitoring program which automatically reports script-kiddie probes to whomever you like.
| | Author: | Grant Taylor. | | File Size: | 17879 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | a0ade06708a821c3a8ff8d7c64af4112 |
|
| /// File Name: |
petrovich-1.0.0.tar.gz |
Description:
|
Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
| | Author: | T. Kinch | | Homepage: | http://sourceforge.net/projects/petrovich | | File Size: | 17844 | | Last Modified: | Jul 21 00:13:00 2001 |
| MD5 Checksum: | a5657c6af0796b8738dc0b07563ba464 |
|
| /// File Name: |
swatch-3.0b1.tar.gz |
Description:
|
Swatch, the Simple Watch Daemon is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
| | Author: | Todd Atkins | | Homepage: | http://www.stanford.edu/~atkins/swatch/ | | Changes: | Fixed a big bug involving key value assignment when throttling. | | File Size: | 17819 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 5969ec109979acd91b743815dda20a18 |
|
| /// File Name: |
autobuse-snap917980385.tar.gz |
Description:
|
Autobuse is a log-monitoring program which automatically reports script-kiddie probes to whomever you like.
| | Author: | Grant Taylor. | | File Size: | 17768 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 4486077dd1baa32ebd9a84d3c5fea042 |
|
| /// File Name: |
sensorTrends-0.6.tar.gz |
Description:
|
sensorTrends is a GPL web-based application that displays a high-level view of the ports that are being scanned over the course of time. The display is similar to the look and feel of Internet Storm Center (incidents.org). Supported log formats are Cisco router Access Control Lists (ACLs) syslog output, Cisco PIX firewall syslog output, Snort's portscan.log files and NetScreen syslog output, and more. Demonstration page available here.
| | Author: | John Weidley | | Homepage: | http://www.packetshack.org/index.php?page=sensorTrends | | File Size: | 17499 | | Last Modified: | Oct 30 14:00:05 2003 |
| MD5 Checksum: | e038e47abfe3838a0ae230d2465c1cf1 |
|
| /// File Name: |
rkdet-0.54.tar.gz |
Description:
|
Rkdet is a small daemon intended to catch someone installing a rootkit or running a packet sniffer.
| | Author: | Andrew Daviel | | Homepage: | http://vancouver-webpages.com/rkdet/ | | Changes: | Various bug fixes. | | File Size: | 17455 | | Last Modified: | Nov 20 20:24:47 2003 |
| MD5 Checksum: | 5950c3d8a3bb585d735826e2e03fb860 |
|
| /// File Name: |
nettest-1.0.tar.gz |
Description:
|
nettest v1.0 is a program that monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down.
| | Author: | Rene Chaddock. | | Changes: | Removed dependencies on external programs. More rcfile options for various configurable settings w/ almost foolproof defaults. More efficient ping code. Minor bug fixes. | | File Size: | 17430 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | c0705e221c389233bfd6fcc481c7e492 |
|
| /// File Name: |
autobuse-snap915639608.tar.gz |
Description:
|
Autobuse is Perl daemon which identifies probes and the like in logfiles and automatically reports them via email. Supports monitoring of Linux 2.0 ipfw and Apache logfiles.
| | Author: | Grant Taylor. | | File Size: | 17426 | | Last Modified: | Aug 16 20:02:36 1999 |
| MD5 Checksum: | e72e0946d4b61ee6000fec331c5a17b3 |
|
| /// File Name: |
slocate-1.4.tar.gz |
Description:
|
Indexes files and keeps record of permissions, ownership, location.
| | Author: | Kevin Lindsay. | | File Size: | 16751 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | e5a40940985bbae9fb0fa09fb4fc368e |
|
| /// File Name: |
guard26.tar.gz |
Description:
|
This linux tool is more an early warning system than IDS. it scans system logs for signs of intrusion in real time. produces colored output on the tty, sends alerts and regular reports. Excellent database of suspicious logfile strings included.
| | Homepage: | http://www.penguin.cz/%7Eondrej/guard/ | | File Size: | 16161 | | Last Modified: | Dec 11 02:45:26 1999 |
| MD5 Checksum: | ffafa344ed46803c723b3aecc1ed66f3 |
|
| /// File Name: |
portmap_4.tar.gz |
Description:
|
Replacement portmapper with access control. Makes it somewhat harder to attack your RPC daemons, for example to steal YP password maps or NFS file handles. Must be linked against a library produced with a recent tcp wrapper release (see above). Tested with SunOS 4.1.x. Also supports HP-UX 9.0, AIX 3.x (bsdcc compiler with -D_SUN), AIX 4.x and Digital UNIX (OSF/1). If you run SunOS 4, the securelib library (see above) is better because it can also cope wit h direct attacks on your RPC daemons (i.e. attacks without assistance from portmap).
| | File Size: | 16152 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | a6aa06035dbaaac1103fcd87c18b3a5b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
