Section: .. / UNIX / IDS /
| /// File Name: |
abacus-sentry.lsm |
Description:
|
Detailed descriptions of the PortSentry, HostSentry, and LogCheck tools included in the Abacus Project suite of Intrusion Detection tools. Abacus Project web site
| | File Size: | 23386 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 54b8d9d6eadd7f6f9195e6c9b8027646 |
|
| /// File Name: |
watcher.c |
Description:
|
Network monitoring tool - detect rogue incoming packets indicative of potential attacks.
| | File Size: | 23323 | | Last Modified: | Aug 16 20:02:17 1999 |
| MD5 Checksum: | 637e9eac6525213a96b59aedbadfc049 |
|
| /// File Name: |
wsm-0.9.5.tgz |
Description:
|
WSM: Web based System Monitor v0.9.5 is a Web accessible System Monitor for Linux featuring: Kernel (uname,lsmod,cpuinfo,free), Syslog (syslog, messages), Users (who), Jobs (ps -axjf), Disks (mount, df), Network (netstat -n), Routes (route -n), ISDN (imontty), VBox (vboxadm), IP Accounting (acct).
| | Author: | Dirk G.K. Mueller | | File Size: | 22167 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 451cbd6769df7dc06fbe7f5e7c7924a0 |
|
| /// File Name: |
ipacl.tar.gz |
Description:
|
SYSV.4 module that implements packet filtering within the kernel.
| | File Size: | 21885 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | 5b71efc483ce170b23578410df89231c |
|
| /// File Name: |
xnetup-1.1.tar.gz |
Description:
|
Network monitoring tool in perl.
| | Author: | Pierre David | | File Size: | 21440 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | fbb14495bf1a4d866d140948415abbd8 |
|
| /// File Name: |
swatch-3.0b4.tar.gz |
Description:
|
Swatch ("Simple WATCHdog") is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
| | Author: | Todd Atkins | | Homepage: | ftp://ftp.stanford.edu/general/security-tools/swatch/ | | Changes: | Fixed the examine switch, added continue and quit actions, Fixed parsing of "throttle" setting, bug fixes. | | File Size: | 20824 | | Last Modified: | Jan 26 16:10:36 2000 |
| MD5 Checksum: | 6c386d64a543841b69122afbc2144345 |
|
| /// File Name: |
servme.tar |
Description:
|
Servme is a small daemon that listens on a port and logs the contents of all incoming connections to a file. New release allows emulation of ssh, Apache, VS-FTPD, telnetd, and generic open ports.
| | Author: | Chris | | Homepage: | http://www.cr-secure.net | | File Size: | 20480 | | Last Modified: | Aug 7 16:18:37 2004 |
| MD5 Checksum: | c317394522eebf8b04cb1b4ff4cfe6b5 |
|
| /// File Name: |
nabou-1.4.tar.gz |
Description:
|
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
| | Author: | Thomas Linden | | Homepage: | http://www.0x49.org/nabou/ | | Changes: | Many bugs were fixed. Some new commandline flags were added: --quiet (report only changes) and --update (update a database record for a file). It can now check the disk usage of a directory, and you can now define your own checks using inline Perl scriptlets. | | File Size: | 20235 | | Last Modified: | Aug 16 23:21:52 2000 |
| MD5 Checksum: | c7d6f2938e846c94ae4796a2d37467be |
|
| /// File Name: |
ficc-1.2.tar.gz |
Description:
|
File Integrity Command & Control (FICC) helps system administrators manage multiple Tripwire installations across their network. It maintains MD5 hashes for the three key Tripwire files (the config file, executable, and TW database) for every system it monitors. It retrieves these key files from each system via SCP and compares the computed signature against the signatures in the FICC signature database. If all three signatures match the database, FICC then connects to the host via SSH and runs Tripwire.
| | Author: | Terry Ott | | Homepage: | http://www.firsttracks.net/ficc/overview.php | | Changes: | The "quick_check" option for hosts was added, allowing FICC to download only the MD5 executable for the target host. If the checksum of the remote MD5 executable is unchanged, FICC then runs the remote MD5 executable on the remaining files (the Tripwire executable, database, and config file), dramatically reducing bandwidth usage and runtime. | | File Size: | 19981 | | Last Modified: | Nov 24 14:56:11 2003 |
| MD5 Checksum: | 6fb5b94ff86b6ec9f3a03acaac29b769 |
|
| /// File Name: |
eoe232.tar.gz |
Description:
|
Eyes on Exec 2.32 is a set of tools which you can use to build your own host based IDS. It watches for programs getting exec'd and logs information about it to a file. Combined with perl this can be extremely powerful. Requires linux kernel 2.2.
| | Author: | S. Krahmer | | File Size: | 19754 | | Last Modified: | Nov 15 19:12:12 1999 |
| MD5 Checksum: | 1667d49e89e15406b5db030836e7d798 |
|
| /// File Name: |
slocate-1.6.tar.gz |
Description:
|
Secure Locate 1.6 - Secure locate provides a secure way to index and quickly search for files on your system. It uses incremental encoding just like GNU locate to compress its database to make searching faster, but it will also store file permissions and ownership so that users will not see files they do not have access to. It is a bit slower than the GNU locate, but thats the price for security.
| | Author: | Kevin Lindsay | | Changes: | Optimized some code to make updating the database much faster, patched to allow smoother installation on FreeBSD, and some other minor bug fixes. | | File Size: | 19413 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 6096f7b0e4c4761bb2257dd83405bdb9 |
|
| /// File Name: |
whowatch-1.3.tar.gz |
Description:
|
Whowatch is a ncurses who-like utility that displays information about the users currently logged on to the machine, in real-time. Besides standard information (login name, tty, host, user's process), the type of the connection (ie. telnet or ssh) is shown. You can toggle display between users' command or idle time. You can also view processes tree and send INT and KILL signals.
| | File Size: | 19175 | | Last Modified: | Dec 10 07:25:20 1999 |
| MD5 Checksum: | cb0547a0f61d85a19b2929e2bdd0f644 |
|
| /// File Name: |
whowatch-1.3.1.tar.gz |
Description:
|
Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ascii graphics.
| | Author: | Michal Suszycki | | Homepage: | http://wizard.ae.krakow.pl/~mike/ | | Changes: | Man page update, rpm package available, small bug fixes. | | File Size: | 19103 | | Last Modified: | Feb 29 04:19:38 2000 |
| MD5 Checksum: | 40ecee9cf96ea635b78972d8dde8863e |
|
| /// File Name: |
portmap_5beta.tar.gz |
Description:
|
See above.
| | File Size: | 18702 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | 781e16ed4487c4caa082c6fef09ead4f |
|
| /// File Name: |
slocate-1.5.tar.gz |
Description:
|
Secure Locate 1.5 - Secure locate provides a secure way to index and quickly search for files on your system. It uses incremental encoding just like GNU locate to compress its database to make searching faster, but it will also store file permissions and ownership so that users will not see files they do not have access to. It is a bit slower than the GNU locate, but thats the price for security.
| | Author: | Kevin Lindsay | | Changes: | A couple of bug fixes but mostly new features. You can now search using basic POSIX regular expressions. It should also be noted that Redhat 6.0 has switched from GNU Locate to Secure Locate as the default filesystem indexing/searching mechanism. | | File Size: | 18683 | | Last Modified: | Aug 16 20:02:45 1999 |
| MD5 Checksum: | 15ad0eebaf97032015c8de884c1c238d |
|
| /// File Name: |
nettest-1.1.tar.gz |
Description:
|
nettest 1.1 - Nettest is a program which monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down. It's great for xDSL/Cable/Mission Critical Network Connections.
| | Author: | Rene Chaddock | | Changes: | Fixed bug where pingnumber exibited other (unwanted) behaviour, fixed bug which caused nettest to crash under certain situations, more reliable email-sending code, added retrytime variable which allows nettest to try connection more frequently when connection is actually down. | | File Size: | 18681 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | f233bf84fc53e84eda01124435b36dea |
|
| /// File Name: |
shoneypot-0.2-7.tar.gz |
Description:
|
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
| | Homepage: | http://sourceforge.net/projects/single-honeypot | | File Size: | 18651 | | Last Modified: | Apr 5 16:11:00 2004 |
| MD5 Checksum: | 7396dfe31a9485dcd5bb023c7dfb93bd |
|
| /// File Name: |
alert_1.3.tar |
Description:
|
IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrustion Detection into your firewall. Features include: Automated alerting, logging, and archiving, Automated blocking of attacking source, Automated identification and email remote site, and Installation and test script. Ver 1.3 Optimized for performance, over 50% speed increase. Documentation here.
| | Author: | Lance Spitzner | | Homepage: | http://www.enteract.com/~lspitz/ | | File Size: | 18432 | | Last Modified: | Nov 29 14:22:24 1999 |
| MD5 Checksum: | 59ead035a2a3d0d0079ebc74ec132664 |
|
| /// File Name: |
trafshow-1.3.tar.gz |
Description:
|
Ncurses based IP traffic monitoring software.
| | File Size: | 18211 | | Last Modified: | Aug 16 20:02:25 1999 |
| MD5 Checksum: | 2c05bd0721c4a8caf4180a8c03fa4d75 |
|
| /// File Name: |
autobuse-snap918416038.tar.gz |
Description:
|
Autobuse - snapshot918416038 - Autobuse is a log-monitoring program which automatically reports script-kiddie probes to whomever you like.
| | Author: | Grant Taylor | | File Size: | 17879 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | a0ade06708a821c3a8ff8d7c64af4112 |
|
| /// File Name: |
petrovich-1.0.0.tar.gz |
Description:
|
Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
| | Author: | T. Kinch | | Homepage: | http://sourceforge.net/projects/petrovich | | File Size: | 17844 | | Last Modified: | Jul 21 00:13:00 2001 |
| MD5 Checksum: | a5657c6af0796b8738dc0b07563ba464 |
|
| /// File Name: |
swatch-3.0b1.tar.gz |
Description:
|
Swatch, the Simple Watch Daemon is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
| | Author: | Todd Atkins | | Homepage: | http://www.stanford.edu/~atkins/swatch/ | | Changes: | Fixed a big bug involving key value assignment when throttling. | | File Size: | 17819 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 5969ec109979acd91b743815dda20a18 |
|
| /// File Name: |
autobuse-snap917980385.tar.gz |
Description:
|
Autobuse is a log-monitoring program which automatically reports script-kiddie probes to whomever you like.
| | Author: | Grant Taylor | | File Size: | 17768 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 4486077dd1baa32ebd9a84d3c5fea042 |
|
| /// File Name: |
sensorTrends-0.6.tar.gz |
Description:
|
sensorTrends is a GPL web-based application that displays a high-level view of the ports that are being scanned over the course of time. The display is similar to the look and feel of Internet Storm Center (incidents.org). Supported log formats are Cisco router Access Control Lists (ACLs) syslog output, Cisco PIX firewall syslog output, Snort's portscan.log files and NetScreen syslog output, and more. Demonstration page available here.
| | Author: | John Weidley | | Homepage: | http://www.packetshack.org/index.php?page=sensorTrends | | File Size: | 17499 | | Last Modified: | Oct 30 14:00:05 2003 |
| MD5 Checksum: | e038e47abfe3838a0ae230d2465c1cf1 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
