
Category: Intrusion Detection » Host

Rule-based Intrusion Detection System 1.0 (Default)
Added 2004-03-05
by Pankaj Kumar Madhukar
RIDS is a machine learning rule-based intrusion detection system for Linux.

Big Brother
Added 2004-01-06
by Sean MacGuire, sean@iti.qc.ca
Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring.

Added 2003-12-09
by Steffen Wendzel
fupids (the fuzzy userprofile intrusion detection system) is a user-profile based IDS for the OpenBSD kernel. It modifies certain syscalls in order to detect suspicious behavior. For example, it watches for network devices being set to promiscuous mode, and it watches for the creation of listen() sockets by users. fupids also handles a program profile for your local users, and it can find attackers who overtake existing accounts.

Local Area Security Linux
Added 2003-11-19
by Jascha
Local Area Security has released the 0.4 MAIN of their 'live CD' security toolkit, which fits on a 185MB miniCD. It comes with a full Fluxbox desktop and over 250 security-related tools encompassing pen testing, forensics, administration, monitoring, etc. Many additions and fixes have been made since the beta version, along with the addition of the 'toram' boot option, which allows it to be run entirely from RAM.

Added 2003-09-29
by Sleepy
ACID XML is a stand-alone application that can read and parse snort XML logs. It was inspired by ACID, but was designed so you can get up and running quickly with your logs rather than spending hours getting the ACID requirements together and working. It uses QT and expat and is fully open source.

Saint Jude, Linux Kernel Module
Added 2003-09-23
by Tim Lawless
Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Added 2003-07-10
by retenera
wIDSard is a host-based Intrusion Detection System for the i386 Linux platform. It intercepts, at user level, system calls specified in a configuration file written by the user. A finite-state automaton is used to trace the monitored process. A regular-expression-based language is used to write the configuration file. If a particular sequence of system calls is intercepted, then an appropriate action can be executed (kill the process, log, etc.).

Added 2003-07-08
by Adam Richard
LogAgent 4.0 Open Source is the latest version of the popular log monitoring software. It now also monitors Event Viewer logs, and you have the ability to send the output to the printer. You can also specify NULL directories for greater flexibility, and you can append time and date along with IP, hostname and username. It ships with 2 standalone companion programs, ADSScan (an alternate data stream scanner) and the combo HashGen and Integcheck (an MD5-SHA1 file system integrity checker, or HIDS), both free and Open Source.

Added 2002-07-31
by Michael A. Gumienny
FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one-minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested and is easier to configure and use.

Tiger security tool
Added 2002-06-18
by Javier Fernández-Sanguino Peña
TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection.

Copyright 2010, SecurityFocus