Section: .. / UNIX / IDS /
| /// File Name: |
filetraq-0.2.tgz |
Description:
|
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
| | Author: | Jeremy Weatherford | | Homepage: | http://filetraq.xidus.net | | Changes: | Comment lines are now permitted in the config file, wildcard matches are now possible, and entire directories can be checked. | | File Size: | 10659 | | Last Modified: | Jan 4 03:50:01 2000 |
| MD5 Checksum: | 91ea3b7350d795e2ad6e9d6da0954bc7 |
|
| /// File Name: |
aide-0.5.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | MD5 sums are now correct. Users must update their databases; they have false sums. With hash library support, you can have many more hash algorithms, and many bugfixes have been made. Note that the author's PGP keys have changed. | | File Size: | 192346 | | Last Modified: | Jan 2 14:27:58 2000 |
| MD5 Checksum: | 4615593338a1d860459f44a55b484dba |
|
| /// File Name: |
filetraq-0.1.tgz |
Description:
|
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
| | Author: | Jeremy Weatherford | | Homepage: | http://filetraq.xidus.net | | File Size: | 9985 | | Last Modified: | Jan 2 14:06:59 2000 |
| MD5 Checksum: | 80f29eda6ce691762a12d222dbd742d8 |
|
| /// File Name: |
logsurfer-1.5.tar.gz |
Description:
|
logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.
| | Homepage: | http://www.cert.dfn.de/eng/logsurf/home.html | | File Size: | 193989 | | Last Modified: | Dec 14 21:41:00 1999 |
| MD5 Checksum: | 55a71acfca8bed64596d32ba4c052638 |
|
| /// File Name: |
ttysnoop-0.12d.tar.gz |
Description:
|
TTYSnoop allows you to snoop on login tty's through another tty-device or pseudo-tty. The snoop-tty becomes a 'clone' of the original tty, redirecting both input and output from/to it.
| | Author: | Carl Declerck | | Changes: | Cleanups/updates for compilation on newer Linux systems, such as RH5. | | File Size: | 8514 | | Last Modified: | Dec 14 15:59:54 1999 |
| MD5 Checksum: | 8363519ecbf51eb643f502067be0e0fc |
|
| /// File Name: |
neped-libnet.tar.gz |
Description:
|
Network Promiscuous Ethernet Detector, rewriten with Libnet/libpcap so it works on FreeBSD, OpenBSD, and linux, possibly more. neped scans your subnet and detects promiscuous boxes that might be running sniffers or similar applications, using hacked ARPs (non broadcast), only listened by promiscuous ethernets.
| | Author: | CyberPsychotic | | File Size: | 3740 | | Last Modified: | Dec 13 17:37:42 1999 |
| MD5 Checksum: | ee928946f9d5187fe8a5c6224ad7ebf4 |
|
| /// File Name: |
checksyslog12.tar.gz |
Description:
|
Analyze your syslogs for security or system problems by creating a list of normal behaviour to ignore; everything else is something you should be aware of. Requires perl 5.
| | Homepage: | http://www.jammed.com/%7Ejwa/Security/ | | File Size: | 6585 | | Last Modified: | Dec 13 05:26:20 1999 |
| MD5 Checksum: | d4f7effb572e634a7af623ea4e6a99db |
|
| /// File Name: |
tocsin116.tar.gz |
Description:
|
toscin is a basic IDS system that uses packet filtering to warn against possible attacks against specified services. It basically watches the local network for SYN connections to certain services, and sends notification. Solaris 2.x possibly others.
| | Homepage: | http://www.eng.auburn.edu/users/doug/second.html | | File Size: | 9245 | | Last Modified: | Dec 12 17:32:34 1999 |
| MD5 Checksum: | 65a7bb6db5dc3be7060bd1e5d7bbb134 |
|
| /// File Name: |
guard26.tar.gz |
Description:
|
This linux tool is more an early warning system than IDS. it scans system logs for signs of intrusion in real time. produces colored output on the tty, sends alerts and regular reports. Excellent database of suspicious logfile strings included.
| | Homepage: | http://www.penguin.cz/%7Eondrej/guard/ | | File Size: | 16161 | | Last Modified: | Dec 11 02:45:26 1999 |
| MD5 Checksum: | ffafa344ed46803c723b3aecc1ed66f3 |
|
| /// File Name: |
whowatch-1.3.tar.gz |
Description:
|
Whowatch is a ncurses who-like utility that displays information about the users currently logged on to the machine, in real-time. Besides standard information (login name, tty, host, user's process), the type of the connection (ie. telnet or ssh) is shown. You can toggle display between users' command or idle time. You can also view processes tree and send INT and KILL signals.
| | File Size: | 19175 | | Last Modified: | Dec 10 07:25:20 1999 |
| MD5 Checksum: | cb0547a0f61d85a19b2929e2bdd0f644 |
|
| /// File Name: |
logcalls.c |
Description:
|
Kernel module which logs specific system calls to a logfile. Tracks mkdir, rmdir, link, and open.
| | Author: | Pheisar | | Homepage: | http://www.ccl.pt/~pheisar/ | | File Size: | 4417 | | Last Modified: | Dec 7 15:38:36 1999 |
| MD5 Checksum: | 5bc913bf407e10e3b9113467871f1565 |
|
| /// File Name: |
logcheck-1.1.1.tar.gz |
Description:
|
Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail.
| | Author: | Craig Rowland | | Homepage: | http://www.psionic.com/ | | File Size: | 30267 | | Last Modified: | Dec 2 15:22:37 1999 |
| MD5 Checksum: | e97c2f096e219e20310c1b80e9e1bc29 |
|
| /// File Name: |
logsurfer-1.41.tar.gz |
Description:
|
logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.
| | Author: | Wolfgang Ley | | Homepage: | http://www.cert.dfn.de/eng/logsurf/ | | File Size: | 184823 | | Last Modified: | Dec 2 15:17:22 1999 |
| MD5 Checksum: | 0871a4f23d91d0e19956b19a4162992b |
|
| /// File Name: |
portsentry-1.0.tar.gz |
Description:
|
PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.
| | Author: | Craig Rowland | | Homepage: | http://www.psionic.com/abacus/portsentry/ | | Changes: | Correct ignoring of hosts, and a Y2K fix for log file output, using a four-digit year. This doesn't affect PortSentry, but may affect programs that look at the log files it generates. | | File Size: | 43034 | | Last Modified: | Dec 2 14:59:02 1999 |
| MD5 Checksum: | d2d29e614f1604bd62a23e33d7a7564f |
|
| /// File Name: |
alert_1.3.tar |
Description:
|
IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrustion Detection into your firewall. Features include: Automated alerting, logging, and archiving, Automated blocking of attacking source, Automated identification and email remote site, and Installation and test script. Ver 1.3 Optimized for performance, over 50% speed increase. Documentation here.
| | Author: | Lance Spitzner | | Homepage: | http://www.enteract.com/~lspitz/ | | File Size: | 18432 | | Last Modified: | Nov 29 14:22:24 1999 |
| MD5 Checksum: | 59ead035a2a3d0d0079ebc74ec132664 |
|
| /// File Name: |
eoe232.tar.gz |
Description:
|
Eyes on Exec 2.32 is a set of tools which you can use to build your own host based IDS. It watches for programs getting exec'd and logs information about it to a file. Combined with perl this can be extremely powerful. Requires linux kernel 2.2.
| | Author: | S. Krahmer | | File Size: | 19754 | | Last Modified: | Nov 15 19:12:12 1999 |
| MD5 Checksum: | 1667d49e89e15406b5db030836e7d798 |
|
| /// File Name: |
logwatch-0.1.tgz |
Description:
|
Logwatch provides a client/server architecture for viewing logfiles on multiple machines on a network. With a single daemon process running on each participating computer, logfiles can be tailed from any authorized machine. Multiple logfiles on multiple machines can be followed with a single client process by specifying the machines and files to follow.
| | Author: | Jeremy Weatherford | | File Size: | 10935 | | Last Modified: | Nov 8 20:47:44 1999 |
| MD5 Checksum: | 418b659d5a8c3cc2ddbcc0d415f82710 |
|
| /// File Name: |
firesoft.tar.gz |
Description:
|
firesoft is a collection of Perl scripts for viewing snort-generated logs and ipchains logs. The package includes a bar chart creator from ipchains logs, to quickly view who has been scanning you the most.
| | Author: | Angelos Karageorgiou | | File Size: | 2026 | | Last Modified: | Nov 8 20:12:30 1999 |
| MD5 Checksum: | 8c68337186a4666bd70651c5764ed602 |
|
| /// File Name: |
tailbeep-0.43.tar.gz |
Description:
|
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).
| | Author: | Tommy. | | Homepage: | http://soomka.com | | Changes: | Added -F (frequency) and -M (milliseconds) option, added -x "command" option, cleaned up the help screen, and you can use -p and -P at the same time now if you want both the entire line and a predefined message. | | File Size: | 10930 | | Last Modified: | Oct 27 17:13:20 1999 |
| MD5 Checksum: | 15a439c9a8a5db135a96122b367ceb9b |
|
| /// File Name: |
suidshow.c |
Description:
|
suidshow.c is a linux lkm that will log any non-root user doing a setuid(0) or a setreuid(0,0) system call. CyberPsychotic
| | File Size: | 1594 | | Last Modified: | Oct 26 20:23:28 1999 |
| MD5 Checksum: | 241bfda6ea160e113020cfd540674192 |
|
| /// File Name: |
logcolorise-1.0.7.tar.gz |
Description:
|
Logcolorise is a PERL script to make your syslog generated log files much more legible by colourising them (context highlighting based on keywords).
| | Author: | Mike Babcock | | File Size: | 13898 | | Last Modified: | Oct 26 15:13:11 1999 |
| MD5 Checksum: | fa493ff21eff0f5ee3991ca3e122d6c6 |
|
| /// File Name: |
tailbeep-0.41.tar.gz |
Description:
|
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
| | Author: | Tommy. | | Homepage: | http://soomka.com | | Changes: | The Ability to specify a message to speak instead of the line in the watched file (using -p), the old -p has been moved to -P to speak the line in the file, and the -V (version) and -S (sleep time) options have been added. | | File Size: | 10122 | | Last Modified: | Oct 26 15:01:31 1999 |
| MD5 Checksum: | 09af9ef12d56fe02fa381a2c671aa959 |
|
| /// File Name: |
libnids-1.12.tar.gz |
Description:
|
Libnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convinient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you don't have to build low-level network code. If you decide to use libnids, you have got E-component ready - you can focus on implementing other parts of NIDS.
| | Author: | Nergal | | Homepage: | http://www.packetfactory.net/Projects/Libnids/ | | File Size: | 292984 | | Last Modified: | Oct 25 18:23:18 1999 |
| MD5 Checksum: | 1d5eb8ef14c2729ab1871599ac05734f |
|
| /// File Name: |
tailbeep-0.3.tar.gz |
Description:
|
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
| | Author: | Tommy. | | Homepage: | http://soomka.com | | Changes: | Speech (through speechd) and a debug option. | | File Size: | 9042 | | Last Modified: | Oct 22 17:43:36 1999 |
| MD5 Checksum: | a735879e8c6948b88c63f21c4c57532b |
|
| /// File Name: |
rpc_gotcha_beta1.1.tar.gz |
Description:
|
Rpc_Gotcha is a network based intrusion detection tool for detecting rpc based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the rpc message data payload looking for signs of a possible attack. Rpc_Gotcha will log all rpc calls made to the network and display payload data for possible attacks. Changes : This version has some major bug fixes , memory leaks and signature issues. It will also read tcpdump capture files in a batch mode.
| | Author: | Chad Renfro | | Homepage: | http://renfro.homepage.com/archive.htm | | File Size: | 8321 | | Last Modified: | Oct 21 17:23:46 1999 |
| MD5 Checksum: | 4ccf621425f9493c349e7751f63fdb4f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
