Section: .. / UNIX / IDS /
| /// File Name: |
autobuse-snap915639608.tar.gz |
Description:
|
Autobuse is a Perl daemon which identifies probes and the like in logfiles and automatically reports them via email. Supports monitoring of Linux 2.0 ipfw and Apache logfiles.
| | Author: | Grant Taylor | | File Size: | 17426 | | Last Modified: | Aug 16 20:02:36 1999 |
| MD5 Checksum: | e72e0946d4b61ee6000fec331c5a17b3 |
|
| /// File Name: |
slocate-1.4.tar.gz |
Description:
|
Indexes files and keeps record of permissions, ownership, location.
| | Author: | Kevin Lindsay | | File Size: | 16751 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | e5a40940985bbae9fb0fa09fb4fc368e |
|
| /// File Name: |
guard26.tar.gz |
Description:
|
This Linux tool is more an early warning system than an IDS. It scans system logs for signs of intrusion in real time, produces colored output on the tty, and sends alerts and regular reports. An excellent database of suspicious logfile strings is included.
| | Homepage: | http://www.penguin.cz/%7Eondrej/guard/ | | File Size: | 16161 | | Last Modified: | Dec 11 02:45:26 1999 |
| MD5 Checksum: | ffafa344ed46803c723b3aecc1ed66f3 |
|
| /// File Name: |
portmap_4.tar.gz |
Description:
|
Replacement portmapper with access control. Makes it somewhat harder to attack your RPC daemons, for example to steal YP password maps or NFS file handles. Must be linked against a library produced with a recent tcp wrapper release (see above). Tested with SunOS 4.1.x. Also supports HP-UX 9.0, AIX 3.x (bsdcc compiler with -D_SUN), AIX 4.x and Digital UNIX (OSF/1). If you run SunOS 4, the securelib library (see above) is better because it can also cope with direct attacks on your RPC daemons (i.e. attacks without assistance from portmap).
| | File Size: | 16152 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | a6aa06035dbaaac1103fcd87c18b3a5b |
|
| /// File Name: |
flister.zip |
Description:
|
FLISTER is proof-of-concept code for detecting files hidden by both usermode and kernelmode Windows rootkits. It exploits bugs in the handling of ZwQueryDirectoryFile() calls with ReturnSingleEntry set to TRUE. Flister works on Windows 2000, XP and 2003.
| | Author: | joanna | | Homepage: | http://www.invisiblethings.org | | File Size: | 16083 | | Last Modified: | Feb 24 06:01:37 2005 |
| MD5 Checksum: | e54c133c50a5b1a45c482def06ac83e8 |
|
| /// File Name: |
icmp-0.9.tar.gz |
Description:
|
IMON v0.9b is a powerful tool to monitor/analyze ICMP traffic on your LAN (includes LOKI backdoor detection).
| | Author: | Stealth | | File Size: | 15950 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 7c82926086a0c749ec83bf5f3e33dfb6 |
|
| /// File Name: |
bubblegum-1.0.tar.gz |
Description:
|
Bubblegum is a daemon written in C which watches a file's access, modification, and inode change times, logging the changes. It can run an external command, read files from a filelist, and more.
| | Homepage: | http://cyclic.sourceforge.net/bubblegum | | Changes: | A fix for a Linux compile problem, syslogd support, and a couple of other bugfixes. | | File Size: | 15752 | | Last Modified: | Mar 8 01:48:57 2002 |
| MD5 Checksum: | 1389a0c513dd703700de51cd7301a084 |
|
| /// File Name: |
instmon-1.5.tar.gz |
Description:
|
instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis | | Changes: | Slightly changed the default search list (added /var/lib) and the default exclude list (added /root); instmon now uses $TMPDIR when set; Comparisons between version numbers are now done in a different way, which is more correct for the UN*X world; Fixed to work with RPM >= 2.5.0; Empty directories are now removed even more aggressively; Things are becoming complicated, so the awk command is now required, and instmon has to store some helper scripts (currently one) in /usr/local/lib/instmon. | | File Size: | 15539 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | 84857431c0daee01c59e1231e2340712 |
|
| /// File Name: |
nettest-0.9.tar.gz |
Description:
|
Nettest is a program which monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down.
| | Author: | Rene Chaddock | | Changes: | Supports multiple connections with separate parameters for each connection, automatically forks into background, and a few rcfile parameters have been changed. | | File Size: | 15303 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | f25b0854c8f01e502b83062598d19347 |
|
| /// File Name: |
pmids-1.6.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | A GPG bug and grabbing of md5 sigs from the website have been repaired. | | File Size: | 15177 | | Last Modified: | Oct 1 00:28:27 2002 |
| MD5 Checksum: | fccdd4b8ac766c1fe16c97e4125afb0f |
|
| /// File Name: |
l0pht-nfr.tar.gz |
Description:
|
"The L0pht NFR Intrusion Detection System modules have been updated to cover some of the latest popular network attacks. Featured prominently in the update is a Back Orifice detection module which, we believe, is better than anything else on the market. Better than ISS's RealSecure BO detection as well as that of stand alone BO detectors that cost upwards of $5000. Do your network a favor and download our IDS modules (which are FREE) and NFR which is free for internal, non-commercial use."
| | Author: | L0pht Heavy Industries | | File Size: | 15145 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 9f052542d9d63ce7e1c23a07113a436a |
|
| /// File Name: |
websec10.tar.gz |
Description:
|
Web Secretary is web page monitoring software.
| | Author: | Homemade Software | | File Size: | 14838 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 1dac964b9d4f9cae2d6ff2b662c42258 |
|
| /// File Name: |
twpatch-0.2.tgz |
Description:
|
Patches to run Tripwire 1.2 on Linux.
| | Author: | CERIAS/COAST | | File Size: | 14833 | | Last Modified: | Aug 16 20:02:28 1999 |
| MD5 Checksum: | 28f0fa2f8a0ce91fc830e4ac66d058f8 |
|
| /// File Name: |
pmids-1.5.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | Bug fixes and some cool improvements. | | File Size: | 14746 | | Last Modified: | Aug 30 01:58:32 2002 |
| MD5 Checksum: | bd319ae6afaabd837ee24d4c0c4fa04d |
|
| /// File Name: |
instmon-1.4.tar.gz |
Description:
|
instmon v1.4 - instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis | | File Size: | 14598 | | Last Modified: | Aug 16 20:02:37 1999 |
| MD5 Checksum: | 4d34efd29c813828f938a771eacd8a1b |
|
| /// File Name: |
logscanner-1.0.tar.gz |
Description:
|
Log Scanner is an email sending, pager beeping (eventually), module using, log parsing Perl script.
| | File Size: | 14496 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 98a42272091f9f695d490c38ec368e39 |
|
| /// File Name: |
gogmagog-3.tar.gz |
Description:
|
GogMagog is a multiplatform sysadmin tool for monitoring the integrity of network-wide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is pretty much independent of network architecture. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface on the server.
| | Author: | C.Parisel | | File Size: | 13936 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | 8ef23b61a15ccdbe831cb688278deedd |
|
| /// File Name: |
logcolorise-1.0.7.tar.gz |
Description:
|
Logcolorise is a Perl script to make your syslog-generated log files much more legible by colourising them (context highlighting based on keywords).
| | Author: | Mike Babcock | | File Size: | 13898 | | Last Modified: | Oct 26 15:13:11 1999 |
| MD5 Checksum: | fa493ff21eff0f5ee3991ca3e122d6c6 |
|
| /// File Name: |
nettest0.8.tar.gz |
Description:
|
nettest v0.8 - Nettest is a program that monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down. 14k.
| | Author: | Rene Chaddock | | File Size: | 13869 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | ad45289c085069ac61134c81d7d235cd |
|
| /// File Name: |
instmon-1.3.tar.gz |
Description:
|
instmon v1.3 - instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis | | File Size: | 13856 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 0b27b1ae6f11656b9332449453696aca |
|
| /// File Name: |
darc-0.2.tgz |
Description:
|
Darc is a utility for managing large Aide installations in heterogeneous environments. It eliminates the need to maintain read-only media on every system, and provides unified reporting on filesystem changes across all machines.
| | Author: | Jacob Martinson | | Homepage: | http://www.info234.com/~jmartinson/darc.html | | File Size: | 13830 | | Last Modified: | Aug 14 18:21:46 2005 |
| MD5 Checksum: | d889f51c71280ea7a1829799379e58c9 |
|
| /// File Name: |
nettest0.81.tar.gz |
Description:
|
nettest v0.81 - Nettest is a program that monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down.
| | Author: | Rene Chaddock | | File Size: | 13777 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 235ad0c2475342fffb59015b8388f28c |
|
| /// File Name: |
icmpinfo-1.11.tar.gz |
Description:
|
Tracks ICMP packets, allowing you to proactively watch for suspicious behaviour, mainly ICMP unreachables.
| | File Size: | 13712 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | 65c3acdf2f87f9ab9aa1a055d76f8976 |
|
| /// File Name: |
shoneypot-0.2-3.tar.gz |
Description:
|
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OSes, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some POSIX distributions.
| | Homepage: | http://sourceforge.net/projects/single-honeypot | | Changes: | Pop3 target added and commands of the SMTP target have been added and modified. | | File Size: | 13302 | | Last Modified: | Sep 20 12:04:59 2002 |
| MD5 Checksum: | d449ea1d6be95ffea39501e2f044361e |
|