Category: Auditing » File Integrity

Modular Syslog
Added 2001-12-05
The modular syslog allows for an easy implementation of input and output modules. The modules that maintain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that send output to a MySQL and a PostgreSQL database, respectively) and om_regex (a module that allows output redirection using regular expressions).

Saswire
Added 2001-11-08
Saswire is a little program written in Perl, which generates a database in SDBM format with modification time, MD5 checksum, size and creation time for a list of files specified in an input file, one per line with full pathnames. Useful for checking for unwanted modification of UNIX system binaries.

Worm Report 1.2
Added 2001-10-22
Worm Report is a very simple Perl script to filter out the known worm hits from the access log, and put them into their own files named for the IP/host that has been "wormed". A basic report containing the count, hostname, IP, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. This script is useful in the short term to get the info to the people who need it. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.

Form Scalpel
Added 2001-10-22
"Form Scalpel" is designed to help security professionals assess the resilience of a web site's forms to various forms of attack. Supports HTTP/HTTPS, proxy servers, cookies, Java/JavaScript/VBScript/XML pages and forms. GUI interface. Detailed analysis of certificates and real-time manipulation of HTML data.

cqual
Added 2001-10-22
cqual is a type-based analysis tool for finding bugs in C programs. It extends the type system of C with extra user-defined type qualifiers. The programmer annotates their program with the appropriate qualifiers, and cqual checks for errors. Incorrect annotations indicate potential bugs. cqual presents the analysis results using Program Analysis Mode, an emacs-based GUI. Among other applications, cqual can be used to detect potential format-string vulnerabilities. It includes default configuration files to detect format-string bugs out of the box.

Tripwire
Added 2001-10-22
Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed. Changes: Security fixes with respect to temp file handling, as well as a new global email option.

L5
Added 2001-10-22
L5 is a lightweight file integrity checker for DOS or Unix. L5 simply walks down Unix or DOS filesystems, sort of like "ls -R" or "find" would, generating listings of anything it finds there. It tells you everything it can about a file's status, and adds on an MD5 hash of it. Its output is rather "numeric", but it is a very simple format and is designed to be post-treated by scripts that call L5.

ELIOTT
Added 2001-10-22
ELIOTT is a tool to help system administrators and programmers discover insecure temporary file creation, even in closed-source applications. ELIOTT watches a directory for file creation, deletion and writes using the dnotify facility of Linux kernel 2.4.x. Every change is logged, even temporary files with a very short lifetime that usually can't be noticed manually. In addition to logging, ELIOTT can simulate hard-link exploits in order to find and report vulnerable applications.

BlackList Scanner
Added 2001-10-22
The advantages of automated blacklist scanning include:
- New lists can be incorporated immediately
- Many NT servers can force a scan for the attaching system at logon
- Extraordinary flexibility, e.g. either scan all drives or just C: at the drop of a hat (or editing a batch file)
- Very high speed
- Very compact for wide distribution
- Component testability, not just a magic package that may work and often fails
- Extensibility into other areas/applets with River Techniques (tm)

KSEC - Kernel Security Checker
Added 2001-10-22
A great tool for finding an attacker in your system by direct analysis of the kernel through /dev/kmem, bypassing the intruder's hiding techniques (static kernel recompilation or use of LKMs). KSec can find modified syscalls from userspace, detect promiscuous interfaces, find modifications applied to a protocol, and much more.