Category: Auditing » File Integrity

Added 2001-10-22
by Frank DENIS
ELIOTT is a tool to help system administrators and programmers discover insecure temporary file creation, even in closed-source applications. ELIOTT watches a directory for file creation/deletion/writes using the dnotify facility of Linux kernel 2.4.x. Every change is logged, even temporary files with a very short lifetime, which usually can't be noticed manually. In addition to logging, ELIOTT can simulate hard-link exploits in order to find and report vulnerable applications.

BlackList Scanner
Added 2001-10-22
by James B. Nickson
The advantages of automated blacklist scanning include:
- New lists can be incorporated immediately
- Many NT servers can force a scan for the attaching system at logon
- Extraordinary flexibility, e.g. either scan all drives or just C: at the drop of a hat (or editing a batch file)
- Very high speed
- Very compact for wide distribution
- Component testability, not just a magic package that may work and often fails
- Extensibility into other areas/applets with River Techniques (tm)

KSEC - Kernel Security Checker
Added 2001-10-22
by S0ftproject2000 Team
Great tool useful to find an attacker in your system by a direct analysis of the kernel through /dev/kmem and bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs). KSec can find the modified syscalls from userspace, detect the promisc interfaces, find the modifications applied to a protocol and much more.

KSTAT - Kernel Security Therapy Anti-Trolls
Added 2001-10-22
by S0ftproject2000 Team
Tool useful to find an attacker in your system by a direct analysis of the kernel through /dev/kmem and bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs). Kstat can find the syscalls which were modified by an LKM, list the linked LKMs, query one or all the network interfaces of the system, list all the processes and much more.

Sentinel Security Toolkit
Added 2001-10-22
by Zurk
Sentinel is a fast file scanner similar to Tripwire or Viper with built-in authentication using the RIPEMD 160 bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database. Disclaimer: this is not a security toolkit. It is a single-purpose file/drive scanning program. Available versions are for Linux (tested on all current Slackware and RedHat releases), with Irix versions soon to be added.

Added 2001-10-22
by elleron
srm (secure rm) is a command-line compatible rm(1) which destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command-line recovery of deleted information, even if the machine is compromised.

Added 2001-10-22
by Raffaello Di Martino
Check_Chains checks the integrity of the /proc/net/ip_fwchains file of a remote firewall against a master file stored on a management server where check_chains runs.

Added 2001-10-22
by Camelot
Hark! is the world's first automated intelligent access control solution. Powered by Camelot's Network Intelligence technology, Hark! utilizes advanced discovery algorithms to analyze network events and deduce the functional structure of an organization, extracting and mapping the relationships between users and various network resources.

Added 2001-10-22
by Mike Machado, mike@innercite.com
Checksums takes a file of predetermined MD5 checksums and compares them with the current sums. It can be installed as a command-line tool, or as a CGI which will allow you to upload the sums file remotely. In either case it is a useful tool to detect changes in your system files, such as a trojan.

SRS (Secure Remote Streaming)
Added 2001-10-22
by Matt Conover and Mark Zielinski
SRS is a program that streams a copy of a client's logs as specified by the syslog.conf file to a trusted server on a remote site. It provides strong authentication and secure communications between the client and the server through an SSL tunnel. It is intended as a replacement for syslogd. This and syslogd may NOT be running at the same time. Features include:
- Secure logging. All communications are automatically and transparently encrypted. SSL (Secure Socket Layer) v3.0 is used for the authentication and encryption. A conventional cipher (3DES, RC4, etc.) is used for encrypting the session. Encryption is started before SRS authentication, and no data is streamed or transmitted in the clear.
- No special configuration of syslogd is needed.
- Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure SSL authentication never trusts anything but the private key.
- The client SSL authenticates the server machine at the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server SSL authenticates the client machine before accepting any commands or requests from the client. On top of this, SRS will send its own challenge cookie.
- Client and server keys are generated by RepSec, Inc. Each client and server is provided a unique key.

Copyright 2010, SecurityFocus