Section: .. / UNIX / IDS /
| /// File Name: |
checksyslog12.tar.gz |
Description:
|
Analyze your syslogs for security or system problems by creating a list of normal behaviour to ignore; everything else is something you should be aware of. Requires perl 5.
| | Homepage: | http://www.jammed.com/%7Ejwa/Security/ | | File Size: | 6585 | | Last Modified: | Dec 13 05:26:20 1999 |
| MD5 Checksum: | d4f7effb572e634a7af623ea4e6a99db |
|
| /// File Name: |
autobuse.lsm |
Description:
|
More detailed description of Autobuse.
| | File Size: | 6553 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 31e60b79f4dc14895f8b82b90a45c061 |
|
| /// File Name: |
detect-satan.pl |
Description:
|
detect-satan.pl
| | File Size: | 6541 | | Last Modified: | Aug 16 20:02:15 1999 |
| MD5 Checksum: | f7a7467e452cef02bbf5a2ad6a041655 |
|
| /// File Name: |
stjude-0.4.tgz |
Description:
|
StJude is an attempt to monitor the flow of privilege in my Solaris boxes. It tries to detect privilege violations or improper transitions (ie stack smashing, or other local root exploits) by watching audit trails.
| | Author: | Tim Lawless | | File Size: | 6277 | | Last Modified: | Mar 6 15:47:53 2000 |
| MD5 Checksum: | b416a0164c195804d20a79668d919373 |
|
| /// File Name: |
claymore.tar.gz |
Description:
|
Claymore v0.3 is an intrusion detection and integrity monitoring system. To accomplish its task, it runs from cron and reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, then it should provide an infallible record against remotely installed trojan horses.
| | Author: | Sam Carter | | Homepage: | http://linux.rice.edu/magic/claymore/ | | Changes: | This release adds ownership / permission tracking and switches to the Digest::MD5 instead of md5sum. | | File Size: | 6239 | | Last Modified: | Oct 3 17:38:28 2000 |
| MD5 Checksum: | 1288658c2152454fa372ceffd319d9fe |
|
| /// File Name: |
bgcheck-0.5.tar.gz |
Description:
|
bgcheck 0.5 - bgcheck is a process monitor for Linux written in perl that can be used by administrators to limit the number of background processes that each user can run.
| | Author: | blue. | | Changes: | added support for long usernames, fixed ftpd spawn detection to work with proftpd, possibly others. | | File Size: | 6206 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | a9f62bd27c830d84b9d7d2c4665f6f2a |
|
| /// File Name: |
viperdb-0.9.3.tar.gz |
Description:
|
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
| | Author: | Peter Surda | | Homepage: | http://panorama.sth.ac.at/viperdb | | File Size: | 5997 | | Last Modified: | Feb 23 17:37:31 2001 |
| MD5 Checksum: | 2170734913963ac2e62e00288ba14cb9 |
|
| /// File Name: |
whowatch-1.0.5.tar.gz |
Description:
|
whowatch 1.0.5 - Whowatch is an ncurses who-like utility which displays informations about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh).
| | Author: | Michal Suszycki. | | Changes: | Added ability to toggle display between processes and users' idle time, added 'local' type of login, better response for key pressing, and several bugfixes. | | File Size: | 5988 | | Last Modified: | Aug 16 20:02:41 1999 |
| MD5 Checksum: | 5e0e39d1e3d1ad8051abeb0b5d4a9ccc |
|
| /// File Name: |
bogon.c |
Description:
|
Remote promiscuous ethernet detector.
| | Author: | Richard W.M. Jones. | | File Size: | 5968 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 3187a25e1c0e0ef31a65ce3dde0f252a |
|
| /// File Name: |
gogmagog-1.tar.gz |
Description:
|
UNIX systems integrity monitor - highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind.
| | Author: | cparisel[at]hotmail.com. | | File Size: | 5934 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 73a163942b986ae4d0d09d0dfd47410b |
|
| /// File Name: |
bgcheck-0.4.tar.gz |
Description:
|
bgcheck 0.4 - bgcheck is a process monitor for Linux written in perl that can be used by administrators to limit the number of background processes that each user can run.
| | Author: | blue. | | Changes: | Fixed major problems handling ftp processes and added exception list for programs. | | File Size: | 5635 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 914c853198372275c51a07f8ba80f883 |
|
| /// File Name: |
thor1.0.tar.gz |
Description:
|
thor.pl 1.0 - thor.pl keeps tabs on suid and sgid files on your file system. It also keeps track of the checksums of your binaries and the root accounts on the system as well as a few other things. It's a handy script that helps you find possible security risks, or breakins.
| | Author: | Jerry Kilpatrick. | | File Size: | 5264 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | d25bf542ae37a2fadc15d28b5f92faab |
|
| /// File Name: |
clownids.tgz |
Description:
|
ClownIDS v1.0 verifies the md5 checksums of files and mails the admin and runs scripts when a problem is found.
| | Author: | Mimayin | | Homepage: | http://lsa.mine.nu | | File Size: | 5189 | | Last Modified: | Jul 5 20:30:27 2002 |
| MD5 Checksum: | 866ca32bbd6963b29101fa3e3a2a7889 |
|
| /// File Name: |
coderedwarn0_0b2.tar.gz |
Description:
|
Code Red Warn is a perl script which runs as a daemon and watches apache logs to notify you each time you are scanned with code red.
| | Author: | Jonathan Hayward | | Homepage: | http://JonathansCorner.com | | Changes: | The recipient list has been adjusted to be more SMTP-compliant. A suggested way to run without keeping bounce messages in queue has been provided. SMTP connections are tested on the remote host before sending, and the 404 on home page download has been fixed. | | File Size: | 5185 | | Last Modified: | Aug 11 17:09:52 2001 |
| MD5 Checksum: | 6fe77e9e6963429809eeb9bc90c79f54 |
|
| /// File Name: |
dirwatch101.c |
Description:
|
dirwatch101 monitors a directory and all the files in it for any changes, any files that have new data added to them, that data logged to a file.
| | Author: | ajax. | | File Size: | 5072 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 169413ea791c3b169daba6b03e99bcea |
|
| /// File Name: |
slipwire |
Description:
|
slipwire.pl v1.1 is the first iteration of a filesystem integrity checker. It compares the MD5 hashes of files to an initial state and alerts the user of any changes.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | The dependency on the md5 command has been removed by using the Digest:: modules for Perl, and SHA-1 hashes are now used instead of MD5. | | File Size: | 5025 | | Last Modified: | Feb 18 15:31:30 2000 |
| MD5 Checksum: | d32f3caea448249e2c4d223c90af5db7 |
|
| /// File Name: |
neped.c |
Description:
|
Network Promiscuous Ethernet Detector. neped scans your subnet and detects promiscuous linux boxes that might be running sniffers or similar applications, using hacked ARPs (non broadcast), only listened by promiscuous ethernets. The answer to hacked ARPs expose promiscuity (presume sniffer). Runs on Linux 2.x with GlibC or libc5.
| | Author: | Els Apostols. | | File Size: | 5011 | | Last Modified: | Aug 16 20:02:28 1999 |
| MD5 Checksum: | c985154f4743b9b0ebd0c2c4d86fad65 |
|
| /// File Name: |
slipwire-1.4.tar.gz |
Description:
|
slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, filesize, uid, gid, etc, and can also report changes in any of these.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | SHA hash of file database is returned when database is created, Quiet output by default, md5's are in the readme. | | File Size: | 5010 | | Last Modified: | Mar 2 23:39:05 2000 |
| MD5 Checksum: | 965d2d8171e3843a53c78095269ad3ca |
|
| /// File Name: |
scanpromisc.c |
Description:
|
REMOTE promiscuous ethernet detector. For Red Hat 5.x.
| | Author: | Savage of El Apostols. | | File Size: | 5009 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 3e1436917e8949442a939c11a1534f96 |
|
| /// File Name: |
killerd-0_2.tar.gz |
Description:
|
A daemon which kills shells with idle time above a certain limit.
| | Author: | Martin Mares. | | File Size: | 4958 | | Last Modified: | Sep 30 16:28:13 1999 |
| MD5 Checksum: | 66d631dcc7c53f6bbe6e6f449ed3e351 |
|
| /// File Name: |
coderedwarn0.0b.tar.gz |
Description:
|
Code Red Warn is a perl script which runs as a daemon and watches apache logs to notify you each time you are scanned with code red.
| | Author: | Jonathan Hayward | | Homepage: | http://JonathansCorner.com | | File Size: | 4896 | | Last Modified: | Aug 11 05:33:21 2001 |
| MD5 Checksum: | 3a2b8840b784ba2af90b3188be12c8e2 |
|
| /// File Name: |
md5-tool.tgz |
Description:
|
If you have an md5 checksumming utility on your system, you can use these scripts for a "poor man's tripwire". These do several quick checks for archiving and security purposes.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 4738 | | Last Modified: | Feb 17 14:19:59 2000 |
| MD5 Checksum: | 41f0416f00dfa37b2e904ad115bee208 |
|
| /// File Name: |
slipwire.1-3.tar.gz |
Description:
|
slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, filesize, uid, gid, etc, and can also report changes in any of these.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | Extension of information gathered on indexed files, comparisons made to inode, last-modified, etc in addition to SHA signatures, tightening up of the Perl code, and elimination of calls to the shell. | | File Size: | 4621 | | Last Modified: | Feb 23 03:05:28 2000 |
| MD5 Checksum: | 70d3ac7d70df7d733027a2b36bd2f772 |
|
| /// File Name: |
logcalls.c |
Description:
|
Kernel module which logs specific system calls to a logfile. Tracks mkdir, rmdir, link, and open.
| | Author: | Pheisar | | Homepage: | http://www.ccl.pt/~pheisar/ | | File Size: | 4417 | | Last Modified: | Dec 7 15:38:36 1999 |
| MD5 Checksum: | 5bc913bf407e10e3b9113467871f1565 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
