Category: Auditing » File Integrity

KSTAT - Kernel Security Therapy Anti-Trolls
Added 2001-10-22
Tool useful to find an attacker in your system by a direct analysis of the kernel through /dev/kmem, bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs). Kstat can find the syscalls which were modified by an LKM, list the linked LKMs, query one or all the network interfaces of the system, list all the processes and much more.

Sentinel Security Toolkit
Added 2001-10-22
Sentinel is a fast file scanner similar to Tripwire or Viper with built-in authentication using the RIPEMD 160-bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database. Disclaimer: this is not a security toolkit. It is a single-purpose file/drive scanning program. Available versions are for Linux (tested on all current Slackware and RedHat releases), with Irix versions soon to be added on.

srm
Added 2001-10-22
srm (secure rm) is a command-line compatible rm(1) which destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.

Check_Chains
Added 2001-10-22
Check_Chains checks the integrity of the /proc/net/ip_fwchains file of a remote firewall against a master file stored on a management server where check_chains runs.

Hark!
Added 2001-10-22
Hark! is the world's first automated intelligent access control solution. Powered by Camelot's Network Intelligence technology, Hark! utilizes advanced discovery algorithms to analyze network events and deduce the functional structure of an organization, extracting and mapping the relationships between users and various network resources.

Checksums
Added 2001-10-22
Checksums takes a file of predetermined MD5 checksums and compares each with the current sum. It can be installed as a command line tool, or as a CGI which will allow you to upload the sums file remotely. In either case it is a useful tool to detect changes in your system files, such as a trojan.

SRS (Secure Remote Streaming)
Added 2001-10-22
SRS is a program that streams a copy of a client's logs as specified by the syslog.conf file to a trusted server on a remote site. It provides strong authentication and secure communications between the client and the server through an SSL tunnel. It is intended as a replacement for syslogd. This and syslogd may NOT be running at the same time. Features include:
- Secure logging. All communications are automatically and transparently encrypted. SSL (Secure Socket Layer) v3.0 is used for the authentication and encryption. A conventional cipher (3DES, RC4, etc.) is used for encrypting the session. Encryption is started before SRS authentication, and no data is streamed or transmitted in the clear
- No special configuration of syslogd is needed
- Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure SSL authentication never trusts anything but the private key.
- The client SSL authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server SSL authenticates the client machine before accepting any commands or requests from the client. On top of this, SRS will send its own challenge cookie
- Client and server keys are generated by RepSec, Inc. Each client and server is provided a unique key

Osiris Scripts
Added 2001-10-22
The Osiris Scripts compare one catalog of executable files with another catalog of executable files. One script (Osiris.pl) catalogs specified directories of files (including MD5 hashes, modification dates, and file attributes) into a specified database (and/or to STDOUT as directed). The second script, Scale.pl, compares two such databases against each other. It will output, either to a file or STDOUT, any differences it finds between the two catalogs (including missing or additional files, differing MD5 hashes, modification dates, and file attributes). Together, the two scripts give an administrator the tools to follow changes in files on a Windows NT server or workstation. This keeps an administrator apprised of possible attacks and/or nasty little trojans, and is the main reason for the existence of the Osiris Scripts.

Tripwall
Added 2001-10-22
This is the Tripwall file integrity checker and Intrusion Detection System. Tripwall is designed to reboot your machine and flush the ramdrive changes if certain files are modified, such as /bin/login, /bin/ls, /bin/ps, or /bin/sh. This effectively prevents successful hackers from trojaning your system files. Future versions will include the ability to transfer the tripwall executable to the router every time tripwall is run, thus averting modifications to tripwall. However, for the IDS to be effective, the LRP diskette MUST be write-protected when not actively being backed up and the tripwall database must be stored on this diskette.

md5cat
Added 2001-10-22
md5cat is a set of 3 Perl scripts that will store MD5 checksums and mtime info into any database with a DBD driver (defaults to CSV). It can exclude any directories specified. The results of database comparisons can be sent via email.