< Prev 1 2 3 4 5 6 7 8 9 Next >
Category: Intrusion Detection » Host
Saint Jude is a wholly kernel-based intrusion detection and intrusion response system that implements the Saint Jude Model for detection of improper privilege transitions. Saint Jude can detect the presence of ongoing and successful attacks, from sources both local and remote, that would yield root-level access to the attacking individual. Detection is performed using a rule-based anomaly detector that uses a model of normal system behavior that is generated on the protected machine during a training phase. By comparing actual actions against a fully developed model, it is possible to detect attacks against vulnerabilities that are both known and unknown with no false positives or negatives.
SNARE (System iNtrusion Analysis and Reporting Environment) is a dynamically loadable kernel module that will form the basis for a host intrusion detection facility and C2-style auditing/event logging capability for Linux.
Linux Intrusion Detection System LSM (Linux Security Module)
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
IDS/A is an experimental interface between applications and a daemon which functions as system logger, reference monitor, and soon and intrusion detection system. It ships with a pam module, apache module, tcp wrapper replacement, system logger replacement and execv preload library. These components can be used to gather and integrate information as well as deny suspicous actions when they are attempted.
NetSaint is a program that will monitor hosts and services on your network. It has the ability to email or page you when a problem arises and when a problem is resolved. Several CGI programs are included in order to allow you to view the current service status, problem history, notification history, and log file via the web.
fwmon is a firewall monitor for Linux. It integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and operate in a non-root environment.
fport reports all open TCP/IP and UDP ports and maps them to the owning application. fport requires the usage of psapi.dll. On Windows NT, psapi.dll must be in the same dir, or path, as fport. For Windows 2000, this is not the case, since the system contains the .dll. The program contains five (5) switches that allow you to sort by application, process ID, application path, port, and display help.
AIDE (Advanced Intrusion Detection Environment)
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
CHX-I Universal Application Firewall and Intrusion Detection Engine.
CHX-I is a TCP Application firewall. New in version 1.7: - SSL taffic analysis engine allows for in-transit TCP payload firewalling - SSL server side transparent encryption allows encryption of TCP application services - In-transit TCP packet data modification allows for manipulation of sensitive or undesired data - Asynchronous reverse data flow search allows for traffic direction specifications - Multiple engine actions on traffic flow such as Drop, Log and Replace
The modular syslog allows for an easy implementation of input and output modules. The modules that mantain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that sends output to a mysql and postgresql database, respectively) and om_regex (a module that allows output redirection using regular expressions).
Browse by category