Section: .. / UNIX / IDS /
| /// File Name: |
radmind-1.2.0.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Pipelined lcreate, Added progress output option -v to fsdiff, f_noauth exits so client gets error, Fixed libsnet one off error, Added -R to radmind usage, mkdirs clears errno on success, Updated configure script, Added known issues section to README. | | File Size: | 490868 | | Last Modified: | Oct 17 00:57:54 2003 |
| MD5 Checksum: | ef005804d502f026d8b51dc9ff242f92 |
|
| /// File Name: |
firestorm-0.5.4.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor, but there are plans to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Various bug fixes and feature enhancements. | | File Size: | 545830 | | Last Modified: | Sep 12 15:22:00 2003 |
| MD5 Checksum: | 584dc6b86b29956f66fe8a7adf39a41b |
|
| /// File Name: |
honeyd-0.6.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | This release includes faster routing lookups, asymmetric routing, GRE tunneling, plugins and configuration systems, integration of physical machines into the virtual routing topology for network simulation, performance improvements, and several bugfixes. | | File Size: | 365913 | | Last Modified: | Jun 24 02:10:02 2003 |
| MD5 Checksum: | 20cc97bee4188ccad9831292bbdb885c |
|
| /// File Name: |
widsard-0.1.tar.gz |
Description:
|
wIDSard is a host-based Intrusion Detection System for the i386 Linux platform. It intercepts, at user level, system calls specified in a configuration file written by the user. A finite-state automaton is used to trace the monitored process. The language used for the configuration file is regular expression based. If a particular sequence of system calls is intercepted, then an appropriate action can be executed.
| | Author: | Davide Fais, Stefano Frassi, Filippo Giuntini, Luca Pugliese | | Homepage: | http://widsards.sourceforge.net/ | | File Size: | 443229 | | Last Modified: | Jun 24 01:34:40 2003 |
| MD5 Checksum: | b3b6ea301dec4bcabfdadd169e5077ff |
|
| /// File Name: |
honeyd-0.5.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes and improvements. | | File Size: | 272149 | | Last Modified: | Apr 15 04:29:12 2003 |
| MD5 Checksum: | 3aec5101f44ef21b29c213496d92c1c1 |
|
| /// File Name: |
0x333hpl.c |
Description:
|
0x333hpl.c compares pids in /proc with ps aux output.
| | Author: | nsn | | Homepage: | http://www.0x333.org | | File Size: | 1569 | | Last Modified: | Apr 1 03:16:45 2003 |
| MD5 Checksum: | 5f2a93e4bdce690ddebb8ea38d6d2320 |
|
| /// File Name: |
radmind-0.9.3.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Fixed connection accepting code, added argument checking, and various other bug fixes. | | File Size: | 238988 | | Last Modified: | Jan 27 13:41:21 2003 |
| MD5 Checksum: | a1f5f6d35263239c8e9ed78bea69ad7b |
|
| /// File Name: |
samhain-1.70.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Improved spec files, several other small fixes. | | File Size: | 754698 | | Last Modified: | Dec 24 00:32:47 2002 |
| MD5 Checksum: | 9d7db178a36cd4608219e70e9d2d1790 |
|
| /// File Name: |
radmind-0.9.2.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | User support has been added to the server with PAM, and there is a new version of libsnet. Bugs were fixed. | | File Size: | 266349 | | Last Modified: | Dec 18 12:13:05 2002 |
| MD5 Checksum: | c2ecfdba298bb324f4196ef5d063ba9c |
|
| /// File Name: |
samhain-1.6.6.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 732622 | | Last Modified: | Dec 14 00:02:06 2002 |
| MD5 Checksum: | bb8e4890ed02376f80bae297e6c01553 |
|
| /// File Name: |
samhain-1.6.4.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 731827 | | Last Modified: | Nov 13 03:03:41 2002 |
| MD5 Checksum: | e2afb4c10e3298054e7cce4da7547e32 |
|
| /// File Name: |
samhain-1.6.3.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Fixes for Solaris, Sun, and Freebsd. Fixed some stuff in the install script. | | File Size: | 730433 | | Last Modified: | Nov 2 22:32:01 2002 |
| MD5 Checksum: | 0326aab5eddf554c74fe8e4a56912755 |
|
| /// File Name: |
logwatch-4.2.1.tar.gz |
Description:
|
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
| | Homepage: | http://www.logwatch.org | | Changes: | Fixed bugs. | | File Size: | 55071 | | Last Modified: | Oct 30 03:22:44 2002 |
| MD5 Checksum: | b0ba7785397a29a94715e9710b13340d |
|
| /// File Name: |
logwatch-4.1.tar.gz |
Description:
|
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
| | Homepage: | http://www.logwatch.org | | Changes: | Fixed race conditions. | | File Size: | 54246 | | Last Modified: | Oct 22 02:36:11 2002 |
| MD5 Checksum: | b6f474c48160bb00c84f2a0d4081efe7 |
|
| /// File Name: |
beltane-0.3.tar.gz |
Description:
|
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
| | Homepage: | http://la-samhna.de/beltane | | File Size: | 161912 | | Last Modified: | Oct 11 03:11:09 2002 |
| MD5 Checksum: | c41eb1621a0780a7e93d36fbd908e633 |
|
| /// File Name: |
samhain-1.6.2.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Now includes a target to build RPMs, fixed samhain.startRedHat, fixed some bugs, allowed scheduler to accept multiple schedules. | | File Size: | 719964 | | Last Modified: | Oct 4 10:01:33 2002 |
| MD5 Checksum: | 6f8df843d8843661d323354392c7d1b9 |
|
| /// File Name: |
pmids-1.6.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | A GPG bug and grabbing of md5 sigs from the website have been repaired. | | File Size: | 15177 | | Last Modified: | Oct 1 00:28:27 2002 |
| MD5 Checksum: | fccdd4b8ac766c1fe16c97e4125afb0f |
|
| /// File Name: |
prelude-manager-0.8.6.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Fixed a communication problem on Linux kernel 2.2.x due to the non-standards-compliant poll(). | | File Size: | 410240 | | Last Modified: | Sep 24 02:17:31 2002 |
| MD5 Checksum: | 8f40152b9c7bffee6dec2d4ee8539be6 |
|
| /// File Name: |
shoneypot-0.2-3.tar.gz |
Description:
|
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
| | Homepage: | http://sourceforge.net/projects/single-honeypot | | Changes: | Pop3 target added and commands of the SMTP target have been added and modified. | | File Size: | 13302 | | Last Modified: | Sep 20 12:04:59 2002 |
| MD5 Checksum: | d449ea1d6be95ffea39501e2f044361e |
|
| /// File Name: |
prosum_0.28.tgz |
Description:
|
ProSum is a console-based program that protects your files, sys_call_table and IDT in a manner similar to tripwire (all in user space, without kernel modules). In addition, the database of files etc. can be encrypted with the Blowfish algorithm, and protected files can be stored on any secure/bastion host for later replacement. ProSum can be run on any UNIX system, at least in file protect mode (without IDT and sys_call_table support).
| | Author: | Fkt | | Homepage: | http://prosum.sourceforge.net | | File Size: | 206508 | | Last Modified: | Sep 12 07:20:00 2002 |
| MD5 Checksum: | c1b76d2566d99e47f62152a0465e73c7 |
|
| /// File Name: |
prelude-manager-0.8.5.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Fixed a heartbeat insertion problem. | | File Size: | 409674 | | Last Modified: | Sep 11 03:23:20 2002 |
| MD5 Checksum: | 42a70404422d50ffa993edca93353681 |
|
| /// File Name: |
libnids-1.17rc1.tar.gz |
Description:
|
Libnids is a library that provides the functionality of one of the components of a NIDS (Network Intrusion Detection System), namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to the analyzing modules of a NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS.
| | Author: | Nergal | | Homepage: | http://www.packetfactory.net/Projects/libnids | | Changes: | Support for libnet-1.1, libpcap save files, 802.1Q VLAN, wireless frames, and more. | | File Size: | 99935 | | Last Modified: | Sep 10 01:14:07 2002 |
| MD5 Checksum: | 4b34c7cea654402476452d0715c30d36 |
|
| /// File Name: |
prelude-manager-0.8.4.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Bugs fixed, and corrects OpenSSL, PgSQL, and MySQL detection. | | File Size: | 409510 | | Last Modified: | Sep 5 17:04:00 2002 |
| MD5 Checksum: | 3021934c7782b155cf240c75519aaf46 |
|
| /// File Name: |
pmids-1.5.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | Bug fixes and some cool improvements. | | File Size: | 14746 | | Last Modified: | Aug 30 01:58:32 2002 |
| MD5 Checksum: | bd319ae6afaabd837ee24d4c0c4fa04d |
|