< Prev 1 2 3 4 5 6 7 8 Next >
Category: Intrusion Detection » Host
Rule-based Intrusion Detection System 1.0 (Default)
RIDS is a machine learning rule-based intrusion detection system for Linux.
Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring.
fupids (the fuzzy userprofile intrusion detection system) is a user-profile based IDS for the OpenBSD kernel. It modifies certain syscalls in order to detect suspicious behavior. For example, it watches for network devices being set to promiscuous mode, and it watches for the creation of listen() sockets by users. fupids also handles a program profile for your local users, and it can find attackers who overtake existing accounts.
Local Area Security Linux
Local Area Security has released the 0.4 MAIN of their 'live CD' security toolkit which fits on a 185MB miniCD. With full Fluxbox desktop and over 250 security related tools encompassing pen testing, forensics, administration, monitoring, etc. Many additions and fixes have been made since the beta version. Along with the addition of the 'toram' boot option which allows it to be run entirely from RAM.
ACID XML is a stand alone application that can read and parse snort xml logs. It was inspired by ACID, but was designed so you can get up and running quickly with your logs rather than spending hours getting ACID requirments together and working.it uses QT and expat and it is fully open source.
Saint Jude, Linux Kernel Module
Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
wIDSard is a host-based Intrusion Detection System for i386 Linux platform. It intercepts, at user level, system calls specified in a configuration file written by the user. A finite-state automata is used to trace the monitored process. A regular expression based language is used to write the configuration file. If a particular sequence of system calls is intercepted than an appropriate action could be executed (kill the process, log, etc.)
LogAgent 4.0 Open Source is the latest version of the popular log monitoring software. Now monitors also Event Viewer logs, and you have the ability to send the output to the printer. You can also specify NULL directories for greater flexibility. You can also append time and date along with IP, hostname and username. Ships with 2 standalone companion programs, ADSScan (an alternate data stream scanner) and the combo HashGen and Integcheck (a MD5-SHA1 file system integrity checker, or HIDS), both free and Open Source.
FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
Tiger security tool
TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection.
Browse by category