|
(Page 6 of 9) < Prev 1 2 3 4 5 6 7 8 9 Next > Category: Auditing » File Integrity Versioner Added 2001-10-22 Versioner is a graphical utility that traverses directories gathering extended file information and properties. Versioner's output is in comma seperated values format and automatically launches the program associated with the .csv extension (Usually MS-Excel) or .txt (Usually notepad). This data can also be imported into MS-Access. Uses: Can be used to determine "What has changed?" on a given host. This can be useful post-software installation, or post intrustion incident as a way of checking file integrity. Versioner can also be used to compare data on multiple machines to determine "What is different?". Triplight Added 2001-10-22 Triplight is an intrusion detection, and integrity monitor system. This release is rather unpolished (you need to hack up a crontab file, and to set a file path in the perl source), but fully functional. To accomplish its design goals, it reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, then it should provide an infallible record against remotely installed trojan horses. Thus by monitoring the integrity of the system, triplight will serve as an aid in intrusion detection. FileTraq Added 2001-10-22 FileTraq is designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It's designed to be an easy way to ensure that no system files are changed without your knowledge. If you're worried about people breaking in and changing things without you noticing, or just worried about the other guy with root on the box changing things and forgetting to tell you, it's a good way to keep tabs on configuration files. Sherpa Added 2001-10-22 Sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system. Sentinel Added 2001-10-22 Sentinel is a fast file scanner similar to Tripwire or Viper with built in authentication using the RIPEMD 160 bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database. Disclaimer: this is not a security toolkit. It is a single purpose file/drive scanning program. Available versions are for linux (tested on all current Slackware and RedHat releases), with Irix versions soon to be added on. Lsof Added 2001-10-22 Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. The Monitor 1.0.0 Added 2001-10-22 The Monitor is a small file monitoring program. It is a combination of 'cat' and 'tail -f', with support for terminal output as well as X (currently only GTK+). The Monitor can handle an unlimited number of files, and can be configured to timestamp each line displayed. It also supports basic parsing of syslogs (compressing the output). RIACS Auditing Package Added 2001-10-22 The RIACS Intelligent Auditing and Categorizing System, from the Research Institute for Advanced Computer Science. A file system auditing program that compares current contents against previously-generated listings, and reports differences. Checksums Added 2001-10-22 Checksums takes a file of predetermined MD5 checksums and compairs with the current sum. It can be installed as a command line tool, or as a CGI which will allow you to upload the sums file remotely. In either case it is a useful tool to detect changes in your system files, such as a trojan. SRS (Secure Remote Streaming) Added 2001-10-22 SRS is a program that streams a copy of a client's logs as specified by the syslog.conf file to a trusted server on a remote site. It provides strong authentication and secure communications between the client and the server through an SSL tunnel. It is intended as a replacement for syslogd. This and syslogd may NOT be running at the same time. Features include: - Secure logging. All communications are automatically and transparently encrypted. SSL (Secure Socket Layer) v3.0 is used for the authentication and encryption. A conventional cipher (3DES, RC4, etc.) for encrypting the session. Encryption is started before SRS authentication, and no data is streamed or transmitted in the clear - No special configuration of syslogd is needed - Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure SSL authentication never trusts anything but the private key. - The client SSL authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server SSL authenticates the client machine before accepting any commands or requests from the client. On top of this, SRS will send its own challenge cookie - Client and server keys are generated by RepSec, Inc. Each client and server is provided a unique key Browse by category |
|
|
Privacy Statement |
