(Page 6 of 9)   < Prev  1 2 3 4 5 6 7 8 9  Next >

Category: Auditing » File Integrity

Osiris Scripts
Added 2001-10-22
by Brian Wotring and Preston Norvell
The Osiris Scripts compare one catalog of executable files with another catalog of executable files. One script (Osiris.pl) catalogs specified directories of files (including MD5 hashes, modification dates, and file attributes) into a specified database (and/or to STDOUT as directed). The second script, Scale.pl, compares two such databases against each other. It will output, either to a file or STDOUT, any differences it finds between the two catalogs (including missing or additional files, differing MD5 hashes, modification dates, and file attributes). Together, the two scripts give an administrator the tools to follow changes in files on a Windows NT server or workstation. This keeps an administrator apprised of possible attacks and/or nasty little trojans, and is the main reason for the existence of the Osiris Scripts.

Added 2001-10-22
by Colin Lee, passion@freethought.org
This is the Tripwall file integrity checker and Intusion Detection System. Tripwall is designed to reboot your machine and flush the ramdrive changes if certain files are modified, such as /bin/login, /bin/ls, /bin/ps, or /bin/sh. This effectively prevents successful hackers from trojaning your system files. Future versions will include the ability to transfer the tripwall executable to the router every time tripwall is run, thus averting modifications to tripwall. However, for the IDS to be effective, the LRP diskette MUST be write-protected when not actively being backed up and the tripwall database must be stored on this diskette.

Added 2001-10-22
by Sean Whalen, swhalen@nfinity.com
md5cat is a set of 3 perl scripts that will store md5 checksums and mtime info into any database with a dbd driver (defaults to csv). It can exclude any directories specified. The results of db comparisions can be sent via email.

MD5 Scripting Tools
Added 2001-10-22
by Simple Nomad, thegnome@nmrc.org
If you have an md5 checksumming utility on your system, you can use these scripts for a "poor man's tripwire". These do several quick checks for archiving and security purposes.

Added 2001-10-22
by Nick 'Zaf' Clifford, zaf@nrc.co.nz
Watchfile will display a list of files on the screen, and continually update their status. The status displayed can be configured on the command-line. Options include file size, owner, last modification time, last accessed time, etc.

Advanced Registry Tracer
Added 2001-10-22
by Elcom Ltd.
Advanced Registry Tracer (ART; formerly RegFix) is an utility designed for analysing the changes made to Windows Registry - by making the "snapshots" of it and keeping them in the browsable database. You can compare any two snapshots and get the list of keys/data which are new, deleted or just changed. ART can do comparing not only in the entire Registry, but also in any key of the Registry. Moreover, you can create undo/redo files (for example, to rollback the changes). To view the current state of a key, or to modify it, you can use Jump to Regedit function. Contents of any key can be exported to *.reg file.

Added 2001-10-22
by Toby Software, info@buttsoft.com
Toby - a GNU replacement for the tripwire program. Functionally similar to tripwire-1.3, this program will maintain a database of checksums for files. Once an initial database of file known to be "safe" is built, verifications on the database can be run later to detect trojan horses installed by intruders. This program, or ones similar to it, are a must for any system administrator concerned about the security of their system.

Added 2001-10-22
by lamagra, access-granted@geocities.com
fs-spider is a multi-threaded bad permissions finder (user defined).

Added 2001-10-22
by Arne Vidstrom, arne.vidstrom@ntsecurity.nu
"nscopy" works just like the copy command with one big difference. If you have the "Back up files and directories" user right, you will be able to copy files even if you don't have any explicit permission to read them. It doesn't take ownership of the file to do it.

Added 2001-10-22
by Serge Winitzki, swinitzk@hotmail.com
md5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.

Search Tools
Browse by category
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Libraries, Applications
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Secure Deletion
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


Privacy Statement
Copyright 2010, SecurityFocus