Section: .. / UNIX / IDS /
| /// File Name: |
samhain-2.6.3.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | This release fixes a regression in the email module which caused messages of the highest priority to be queued along with lower priority messages, instead of being mailed immediately. | | File Size: | 1908972 | | Last Modified: | Mar 10 15:06:36 2010 |
| MD5 Checksum: | d0b25c09bad153304f4aadba4b449c0e |
|
| /// File Name: |
samhain-2.6.1b.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | On Linux, login/logout tracking now uses inotify. Log file monitoring has been enhanced to support checking for missing heartbeat messages, reporting bursts of repeated messages, and checking for correlated events. UID/GID caching has been improved to reduce the number of lookups, and a compile problem on Cygwin has been fixed. | | File Size: | 1904857 | | Last Modified: | Dec 23 09:41:34 2009 |
| MD5 Checksum: | 226f775243535456bf852b406ffc4fe1 |
|
| /// File Name: |
ninja-0.1.3.tar.bz2 |
Description:
|
Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user.
| | Author: | Tom Rune Flo | | Homepage: | http://forkbomb.org/ninja/ | | Changes: | A bugfix for x86-64 platforms when using a log file. | | File Size: | 10884 | | Last Modified: | Dec 4 23:11:03 2009 |
| MD5 Checksum: | 4ff6738dd84897a70d16997f6dcae06a |
|
| /// File Name: |
samhain-2.6.0.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Pathname expansion is now performed at each file check, rather than only at startup. The SUID check runs in a separate thread now. Some minor bugs have been fixed. | | File Size: | 1879999 | | Last Modified: | Oct 31 19:21:15 2009 |
| MD5 Checksum: | 853067c79bedc70b870ad03e91993f72 |
|
| /// File Name: |
samhain-2.5.10.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | This release fixes a race condition that would cause problems with stale file handles under certain conditions. | | File Size: | 1991041 | | Last Modified: | Oct 12 04:42:29 2009 |
| MD5 Checksum: | 987a29fc83fc76b67511487425054cf1 |
|
| /// File Name: |
sxid-4.2.tar.gz |
Description:
|
sXid is an all in one suid/sgid monitoring program designed to be run from cron on a regular basis. Basically it tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that aren't set any more, or they have changed bits or other modes then it reports the changes in an easy to read format via email or on the command line.
| | Author: | Ben Collins | | Changes: | A bug where many false positive MD5 sum changes were reported was fixed along with resource leaks found by cppcheck. | | File Size: | 41827 | | Last Modified: | Sep 16 02:49:11 2009 |
| MD5 Checksum: | c1ee8f4e0868227aec25e647f4087953 |
|
| /// File Name: |
trafscrambler-0.3.tgz |
Description:
|
Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
| | Author: | Maxim Bourmistrov | | Homepage: | http://en.roolz.org/trafscrambler.html | | Changes: | This is a bug fixing release. Plugged mbuf leak, corrected data injection. | | File Size: | 11864 | | Last Modified: | Sep 7 11:48:16 2009 |
| MD5 Checksum: | 72fbfb418f190cfa0af4b21e04ffe0bf |
|
| /// File Name: |
trafscrambler-0.2.tgz |
Description:
|
Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
| | Author: | Maxim Bourmistrov | | Homepage: | http://en.roolz.org/trafscrambler.html | | Changes: | This release implements fake data injection, userland binary tsctrl to control NKE, minor re-work of NKE. | | File Size: | 8788 | | Last Modified: | Aug 15 16:37:41 2009 |
| MD5 Checksum: | 2b9fbbb730fe3a425956a9ef93185be4 |
|
| /// File Name: |
samhain-2.5.8.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | This release fixes two bugs in the mailer code: MX resolving would fail sometimes, and a deadlock could occur. | | File Size: | 1052672 | | Last Modified: | Aug 15 14:52:04 2009 |
| MD5 Checksum: | 4870c9a0fb5fc8faff8b0ec5fe4004de |
|
| /// File Name: |
samhain-2.5.7.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | A potential deadlock has been fixed along with a configuration reload bug in the \'userfiles\' module. C99-style comments have been removed to improve portability, and the format of the date header of emails has been corrected. | | File Size: | 1839616 | | Last Modified: | Jul 23 12:36:58 2009 |
| MD5 Checksum: | 0601ac54729e94fc5f989ab7d33bd1d4 |
|
| /// File Name: |
trafscrambler_0.1.tgz |
Description:
|
Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. This initial release implements SYN-decoy, Pre/Post connections SYN, TCP reset, and zero window attacks. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
| | Author: | Maxim Bourmistrov | | Homepage: | http://en.roolz.org/trafscrambler.html | | File Size: | 5000 | | Last Modified: | Jun 26 13:47:47 2009 |
| MD5 Checksum: | a2059efbf0763945fd97513e2771a57b |
|
| /// File Name: |
samhain-2.5.5.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | File Size: | 1971622 | | Last Modified: | Apr 30 18:19:13 2009 |
| MD5 Checksum: | 7376fec2397f37fc1dabcbd77aed56ab |
|
| /// File Name: |
beltane-1.0.16.tar.gz |
Description:
|
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
| | Homepage: | http://la-samhna.de/beltane | | Changes: | Error logging has been improved by adding more information. | | File Size: | 185194 | | Last Modified: | Apr 23 16:10:07 2009 |
| MD5 Checksum: | 41168bb942a8c35a84f0c716137bac29 |
|
| /// File Name: |
samhain-2.5.4.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | File Size: | 1872356 | | Last Modified: | Mar 5 17:19:36 2009 |
| MD5 Checksum: | bbbaf653bbaef5ee71fadb04c71872e0 |
|
| /// File Name: |
beltane-1.0.15.tar.gz |
Description:
|
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
| | Homepage: | http://la-samhna.de/beltane | | Changes: | Bug fixes. | | File Size: | 185101 | | Last Modified: | Jan 30 14:50:44 2009 |
| MD5 Checksum: | fb3b0c2c71bc88a546fd8d3b33ba58bd |
|
| /// File Name: |
samhain-2.5.2b.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | File Size: | 1849440 | | Last Modified: | Jan 29 13:55:35 2009 |
| MD5 Checksum: | d8d6abf44e3d5b38cd956079658f1088 |
|
| /// File Name: |
WinFail2Ban_0.2.zip |
Description:
|
WinFail2Ban is an open source intrusion protection system that scans log files, looks for SQL failed logins, and analyzes the event viewer banning IPs as needed. This is a port of Fail2Ban from Linux to Windows.
| | Author: | Vittorio Pavesi | | Homepage: | http://winfail2ban.sourceforge.net/ | | File Size: | 3776718 | | Last Modified: | Jan 16 17:26:20 2009 |
| MD5 Checksum: | 7607136d952cb6329cf12683b0a1b7c2 |
|
| /// File Name: |
samhain-2.5.1.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | File Size: | 952832 | | Last Modified: | Dec 21 23:12:38 2008 |
| MD5 Checksum: | b6c4b1302b66e0727b383d855b346938 |
|
| /// File Name: |
samhain-2.5.0.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | File Size: | 1828218 | | Last Modified: | Nov 1 14:38:02 2008 |
| MD5 Checksum: | c07e8d93d05c66b36e9ee407bbd34a4f |
|
| /// File Name: |
eng-4.23-public.rar |
Description:
|
ENG, or Encore Next Generation, is a false-negative morphic tool that can bypass IDS/IPS via the randomization of return addresses, random writable addresses, junk code injection, and more.
| | Author: | Nelson Brito | | File Size: | 632464 | | Last Modified: | Sep 20 14:56:47 2008 |
| MD5 Checksum: | 10f2c84adb27a488a0c5f1435b156cda |
|
| /// File Name: |
nng-4.13r-public.rar |
Description:
|
NNG is a tool that creates crafted packets to cause MS02-039 false-positives against IPS/IDS. NNG does not have the same approach used by Snot and Stick, where the main goal is DoSing the IPS. Instead, NNG tries to make IPS/IDS "numbed" enough to have the leakage of real attack.
| | Author: | Nelson Brito | | File Size: | 616879 | | Last Modified: | Sep 17 00:00:17 2008 |
| MD5 Checksum: | 941a9a2a2f328b73989165de822527df |
|
| /// File Name: |
distack-1.1.0-dev.tar.gz |
Description:
|
Distack is a framework for local and distributed attack detection and traffic analysis. It can run on live interfaces or traces files, as well as in simulation environments. Therefore it provides easy ways to develop attack detection mechanisms and evaluate them on a large-scale in simulated networks.
| | Homepage: | http://www.tm.uka.de/distack | | File Size: | 114712 | | Last Modified: | Sep 3 17:27:17 2008 |
| MD5 Checksum: | 3fb4c5502309f3badd504a961d5c19db |
|
| /// File Name: |
samhain-2.4.6.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Various updates. | | File Size: | 1791222 | | Last Modified: | Sep 3 16:58:20 2008 |
| MD5 Checksum: | b707b7b7207b4bfa6357fe70795ef57d |
|
| /// File Name: |
bh-0.8.6.tgz |
Description:
|
Beholder is a wireless intrusion detection tool that looks for anomalies in a wifi environment.
| | Author: | Nelson Murilo | | Homepage: | http://www.beholderwireless.org/ | | File Size: | 37682 | | Last Modified: | Aug 20 03:19:46 2008 |
| MD5 Checksum: | 65eaed3776355063d4cd9131f1515a07 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
