Section: .. / UNIX / IDS /
| /// File Name: |
slipwire-1.4.tar.gz |
Description:
|
slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, filesize, uid, gid, etc, and can also report changes in any of these.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | SHA hash of file database is returned when database is created, Quiet output by default, md5's are in the readme. | | File Size: | 5010 | | Last Modified: | Mar 2 23:39:05 2000 |
| MD5 Checksum: | 965d2d8171e3843a53c78095269ad3ca |
|
| /// File Name: |
scanpromisc.c |
Description:
|
REMOTE promiscuous ethernet detector. For Red Hat 5.x.
| | Author: | Savage of El Apostols | | File Size: | 5009 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 3e1436917e8949442a939c11a1534f96 |
|
| /// File Name: |
killerd-0_2.tar.gz |
Description:
|
A daemon which kills shells with idle time above a certain limit.
| | Author: | Martin Mares | | File Size: | 4958 | | Last Modified: | Sep 30 16:28:13 1999 |
| MD5 Checksum: | 66d631dcc7c53f6bbe6e6f449ed3e351 |
|
| /// File Name: |
coderedwarn0.0b.tar.gz |
Description:
|
Code Red Warn is a perl script which runs as a daemon and watches apache logs to notify you each time you are scanned with code red.
| | Author: | Jonathan Hayward | | Homepage: | http://JonathansCorner.com | | File Size: | 4896 | | Last Modified: | Aug 11 05:33:21 2001 |
| MD5 Checksum: | 3a2b8840b784ba2af90b3188be12c8e2 |
|
| /// File Name: |
md5-tool.tgz |
Description:
|
If you have an md5 checksumming utility on your system, you can use these scripts for a "poor man's tripwire". These do several quick checks for archiving and security purposes.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 4738 | | Last Modified: | Feb 17 14:19:59 2000 |
| MD5 Checksum: | 41f0416f00dfa37b2e904ad115bee208 |
|
| /// File Name: |
slipwire.1-3.tar.gz |
Description:
|
slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, filesize, uid, gid, etc, and can also report changes in any of these.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | Extension of information gathered on indexed files, comparisons made to inode, last-modified, etc in addition to SHA signatures, tightening up of the Perl code, and elimination of calls to the shell. | | File Size: | 4621 | | Last Modified: | Feb 23 03:05:28 2000 |
| MD5 Checksum: | 70d3ac7d70df7d733027a2b36bd2f772 |
|
| /// File Name: |
logcalls.c |
Description:
|
Kernel module which logs specific system calls to a logfile. Tracks mkdir, rmdir, link, and open.
| | Author: | Pheisar | | Homepage: | http://www.ccl.pt/~pheisar/ | | File Size: | 4417 | | Last Modified: | Dec 7 15:38:36 1999 |
| MD5 Checksum: | 5bc913bf407e10e3b9113467871f1565 |
|
| /// File Name: |
whowatch-1.0.tar.gz |
Description:
|
whowatch v1.0 is an ncurses who-like utility that displays informations about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). Initial release. 4k.
| | Author: | Michal Suszycki | | File Size: | 4369 | | Last Modified: | Aug 16 20:02:41 1999 |
| MD5 Checksum: | 3a2c7f8fe56376fea72014c4f5980605 |
|
| /// File Name: |
ViperDB-0.7.tar.gz |
Description:
|
ViperDB 0.7 - ViperDB was created as a smaller and faster option to Tripwire. ViperDB does not use a fancy all-in-one database to keep records. Instead it uses a plaintext db which is stored in each "watched" directory. By using this there is no real one attack point for an attacker to focus his attention on. This coupled with the running of ViperDB every 5 minutes (via cron root job) decreases the likelihood that an attacker will be able to modify your "watched" filesystem while ViperDB is monitoring your system.
| | Author: | J-Dog | | Changes: | Now logs to a standard logging facility instead of an individual file. Added '-checkstrict' functionality which changes permissions/owner/group back to what they were before the change was made to the file. Added exception(s) to '-checkstrict' which removes all permissions from the changed file if the file originally was SUID/GUID. Changed way filesystem changes are seen by admin, now a change only sends an alert to the logs once instead of repeatedly. | | File Size: | 4234 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 1809efd2508e5987e6a8d98139bf7e07 |
|
| /// File Name: |
sxid-secure.gz |
Description:
|
sXid Secure is an all in one suid/sgid monitoring script written in perl.
| | Author: | Ben Collins | | File Size: | 4123 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 439e4dd2da716074880ecbf2117749e0 |
|
| /// File Name: |
ktcpd-strobemasker-1.4.gz |
Description:
|
Linux 2.0.x kernel patch that protects you from strobes. Detects all strobes, logs all strobe attempts, refuses connections after a strobe begins, logs ALL packets (tcp, icmp, udp). Basically, makes your Linux box appear to be a Macintosh.
| | File Size: | 3961 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 7c328e4cd942e40046e3160a36512d0e |
|
| /// File Name: |
nannie-1.0.tar.gz |
Description:
|
Nannie's basic purpose is to watch system files that should not be changed, at least in theory. It monitors them for change in inode, size, etc notifies you if a change occurs. New features: completely rewritten, now logs to syslog instead of sending email, can handle a directory in nannie.cfg (will parse all files in directory), MUCH more error checking.
| | Author: | Cole Tuininga | | File Size: | 3826 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 9c0d3f60742929b511debecaf53fd162 |
|
| /// File Name: |
tmp-audit-0.4.tar.gz |
Description:
|
tmp-audit is a simple tool designed to monitor a directory and log changes (i.e /tmp).
| | Author: | Proof Of Concept | | Changes: | added -w option (dump file content), fixed some stuff in tmp-audit.h. | | File Size: | 3824 | | Last Modified: | Apr 25 11:21:33 1999 |
| MD5 Checksum: | 87e25b432b71a5685ae7cf21e217233e |
|
| /// File Name: |
syn.pl |
Description:
|
tcpdump script which detects network activity - designed specifically to detect new "stealth and undetectable" nmap v2.00-2.01 scans (TCP, SYN, FIN, Frag, Xmas, Null, and UDP, etc...).
| | Author: | Programmaton | | File Size: | 3776 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 1b643bc7c0fd8a37b6e0de3b3d27cadf |
|
| /// File Name: |
neped-libnet.tar.gz |
Description:
|
Network Promiscuous Ethernet Detector, rewriten with Libnet/libpcap so it works on FreeBSD, OpenBSD, and linux, possibly more. neped scans your subnet and detects promiscuous boxes that might be running sniffers or similar applications, using hacked ARPs (non broadcast), only listened by promiscuous ethernets.
| | Author: | CyberPsychotic | | File Size: | 3740 | | Last Modified: | Dec 13 17:37:42 1999 |
| MD5 Checksum: | ee928946f9d5187fe8a5c6224ad7ebf4 |
|
| /// File Name: |
decfingerd-0.7.tar.gz |
Description:
|
decfingerd 0.7: The Deception Finger Daemon. This program will take place of the original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system. Tested on: Linux 2.2.7 -- GCC 2.7.2.3, Solaris 2.7 -- EGCS 1.1.1, OpenBSD 2.5 -- GCC 2.8.1.
| | Author: | Jon Beaton | | File Size: | 3665 | | Last Modified: | Oct 4 15:53:28 1999 |
| MD5 Checksum: | e23d3683edd18ead71ac04d9708aa0d6 |
|
| /// File Name: |
sf-0.1b.tgz |
Description:
|
Secure Files 0.1b is a security tool that checks system integrity by comparing the MD5 checksums of flagged files against their earlier recorded checksums.
| | Author: | Venomous | | Homepage: | http://www.rdcrew.com.ar | | File Size: | 3645 | | Last Modified: | Aug 28 22:19:23 2000 |
| MD5 Checksum: | cae75ec5225047150b2055ad309208b8 |
|
| /// File Name: |
bsb-monitor-1.0.tar.gz |
Description:
|
BSB-Monitor is a very simple network monitor. It scans the network periodically and offers the result as an HTML page and an easily parseable status file.
| | Author: | Darko Krizic | | File Size: | 3494 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 4cfd294d600b541f5d89171e25dfa85f |
|
| /// File Name: |
tmp-audit-0.3.tar.gz |
Description:
|
tmp-audit is a simple tool designed to monitor a directory and log changes (i.e /tmp). New file size, variable refresh, and header beep options in this release.
| | Author: | Proof Of Concept | | File Size: | 3401 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | b902f220dd12ba87319a661c9f9f361c |
|
| /// File Name: |
seclog |
Description:
|
Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information, and notify you via email.
| | Author: | Dilusi0n | | Homepage: | http://www.gotr00t.com/~dilusi0n/ | | File Size: | 3391 | | Last Modified: | Mar 23 16:03:00 2000 |
| MD5 Checksum: | 478b20c9c35d7911278969dcfdac5aae |
|
| /// File Name: |
slipwire.1-2.tar.gz |
Description:
|
slipwire.pl is a simple filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | A fix for a bug in the iteration count when comparing files to hashes, a quick reader script for dumping the contents of the DBM file, an example file list, and a tidied-up README. | | File Size: | 3374 | | Last Modified: | Feb 18 15:31:17 2000 |
| MD5 Checksum: | cdfb0e35ca41c8dce84498b0c20842be |
|
| /// File Name: |
ncsfck.tar.gz |
Description:
|
NCSfck v1.2.0 - NCSFCK creates a database of important files like "/bin/login". Run as a cronjob for maximum effectiveness. Monitors for backdoor(s) and other trojan(s). web site
| | File Size: | 3171 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | ec3abf28c3eee9a81bd0992522d88c41 |
|
| /// File Name: |
decfingerd-0.6.tar.gz |
Description:
|
dfingerd v0.6 takes the place of your original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system.
| | Author: | Jon Beaton | | File Size: | 3164 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | def43c1a780975756a13905667886685 |
|
| /// File Name: |
portsentry.sample.txt |
Description:
|
Unavailable.
| | File Size: | 3154 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 6ecd6e85e507606a05d23cec2d3686c8 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
