Section: .. / UNIX / IDS /
File Name: suricata-1.0.2.tar.gz
Description: Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Homepage: http://www.openinfosecfoundation.org/index.php/download-suricata
Changes: An SSH module was added. Several TCP evasions were fixed. Language compatibility was improved. HTTP detection accuracy was improved. Inline mode was improved.
File Size: 1630936
Last Modified: Sep 2 23:18:47 2010
MD5 Checksum: 57c93a22602ecc9bbe5857beeb79cb5d

File Name: suricata-1.0.1.tar.gz
Description: Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Homepage: http://www.openinfosecfoundation.org/index.php/download-suricata
Changes: Detection accuracy was greatly improved. The stream engine was improved. Various other bugs were fixed.
File Size: 1607941
Last Modified: Aug 3 02:11:28 2010
MD5 Checksum: ad42b854ef2b44499f0f1d1531b1ca36

File Name: suricata-1.0.0.tar.gz
Description: Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Homepage: http://www.openinfosecfoundation.org/index.php/download-suricata
Changes: This release adds support for tag keywords, support for DCERPC over UDP, duplicate signature detection, and improved CUDA support, URI inspection, stability, and performance.
File Size: 1597156
Last Modified: Jul 3 14:31:20 2010
MD5 Checksum: 01b8a6e4908f4a35f7f5d09b1a84cf5e

File Name: suricata-0.9.2.tar.gz
Description: Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Homepage: http://www.openinfosecfoundation.org/index.php/download-suricata
Changes: Support was added for DAG cards, reassembled stream scanning, the http_uri keyword, dce keywords, and ratefilter. Support was improved for uricontent, asn1, and threshold. Memory leaks were fixed. Performance was improved.
File Size: 1545389
Last Modified: Jun 25 01:23:16 2010
MD5 Checksum: e53cbf8e39c842ae7cfea9a0ca61085e

File Name: beltane-1.0.17.tar.gz
Description: Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
Homepage: http://la-samhna.de/beltane
Changes: The UI for the 'Search' function has been modified to make it easier to list all filesystem changes between two arbitrary dates. The code for detecting and diagnosing broken PHP installations has been added. Also, the 'From:' address in email messages sent from beltane has been modified.
File Size: 185239
Last Modified: Jun 13 22:48:16 2010
MD5 Checksum: ae739f42fa94aeb3fa7ffed0e261a5c6

File Name: samhain-2.7.1.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: Logging of client reports to prelude can be done by the server now (rather than by the clients themselves). The configuration file parser now accepts C-style quoting for filenames, and the maximum line length has been increased to 16382 characters. Some compile problems have been fixed.
File Size: 1936148
Last Modified: Jun 7 17:11:41 2010
MD5 Checksum: 3e5eca3315332b494b2b68645bb342d4

File Name: suricata-0.9.1.tar.gz
Description: Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Homepage: http://www.openinfosecfoundation.org/index.php/download-suricata
Changes: Support for the ASN1 keyword was added. Support for the ERF file format was added. Rule profiling support was added. An SSLv2 and SSLv3 parser were added. Many bugs were fixed.
File Size: 1453057
Last Modified: May 27 01:30:57 2010
MD5 Checksum: 4208520142d516e6ee13fcb38b6e5f82

File Name: suricata-0.9.0.tar.gz
Description: Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Homepage: http://www.openinfosecfoundation.org/index.php/download-suricata
Changes: Support for the http_headers rule keyword was added. Privilege dropping support was added. Support for pass rules was added. Windows inline mode (IPS) support was added. Many bugs were fixed.
File Size: 1409166
Last Modified: May 6 22:05:42 2010
MD5 Checksum: 67a6fa4f30952ecf8fc554a83d9cd13c

File Name: samhain-2.7.0.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: The login monitoring module has been enhanced to check for anomalies. The kernel integrity check now supports Linux/x86_64, as well as Linux kernels that have /dev/kmem disabled.
File Size: 870400
Last Modified: May 4 21:25:13 2010
MD5 Checksum: 862c1956de8489a14f02c6ccbcece5ba

File Name: suricata-0.8.2.tar.gz
Description: Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Homepage: http://www.openinfosecfoundation.org/index.php/download-suricata
Changes: This release adds support for detection_filter and http_client_body keywords, adds support for HTTP parser server personalities, fixes the CUDA code on x86_64, improves IPv6 support, adds support for PID files, reduces memory usage, and fixes many bugs.
File Size: 1371420
Last Modified: Apr 30 19:29:20 2010
MD5 Checksum: 994ff6a5444b2933e892febedc31a7cc

File Name: samhain-2.6.4.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: The log monitoring module has been enhanced to allow monitoring the output of shell commands. Some bugs in the log monitoring and kernel checking modules have been fixed.
File Size: 1914063
Last Modified: Mar 22 16:04:16 2010
MD5 Checksum: e82003912ec06a435b432f0c60f9d2ea

File Name: samhain-2.6.3.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: This release fixes a regression in the email module which caused messages of the highest priority to be queued along with lower priority messages, instead of being mailed immediately.
File Size: 1908972
Last Modified: Mar 10 15:06:36 2010
MD5 Checksum: d0b25c09bad153304f4aadba4b449c0e

File Name: samhain-2.6.1b.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: On Linux, login/logout tracking now uses inotify. Log file monitoring has been enhanced to support checking for missing heartbeat messages, reporting bursts of repeated messages, and checking for correlated events. UID/GID caching has been improved to reduce the number of lookups, and a compile problem on Cygwin has been fixed.
File Size: 1904857
Last Modified: Dec 23 09:41:34 2009
MD5 Checksum: 226f775243535456bf852b406ffc4fe1

File Name: ninja-0.1.3.tar.bz2
Description: Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user.
Author: Tom Rune Flo
Homepage: http://forkbomb.org/ninja/
Changes: A bugfix for x86-64 platforms when using a log file.
File Size: 10884
Last Modified: Dec 4 23:11:03 2009
MD5 Checksum: 4ff6738dd84897a70d16997f6dcae06a

File Name: samhain-2.6.0.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: Pathname expansion is now performed at each file check, rather than only at startup. The SUID check runs in a separate thread now. Some minor bugs have been fixed.
File Size: 1879999
Last Modified: Oct 31 19:21:15 2009
MD5 Checksum: 853067c79bedc70b870ad03e91993f72

File Name: samhain-2.5.10.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: This release fixes a race condition that would cause problems with stale file handles under certain conditions.
File Size: 1991041
Last Modified: Oct 12 04:42:29 2009
MD5 Checksum: 987a29fc83fc76b67511487425054cf1

File Name: sxid-4.2.tar.gz
Description: sXid is an all in one suid/sgid monitoring program designed to be run from cron on a regular basis. Basically it tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that aren't set any more, or they have changed bits or other modes then it reports the changes in an easy to read format via email or on the command line.
Author: Ben Collins
Changes: A bug where many false positive MD5 sum changes were reported was fixed along with resource leaks found by cppcheck.
File Size: 41827
Last Modified: Sep 16 02:49:11 2009
MD5 Checksum: c1ee8f4e0868227aec25e647f4087953

File Name: trafscrambler-0.3.tgz
Description: Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
Author: Maxim Bourmistrov
Homepage: http://en.roolz.org/trafscrambler.html
Changes: This is a bug fixing release. Plugged mbuf leak, corrected data injection.
File Size: 11864
Last Modified: Sep 7 11:48:16 2009
MD5 Checksum: 72fbfb418f190cfa0af4b21e04ffe0bf

File Name: trafscrambler-0.2.tgz
Description: Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
Author: Maxim Bourmistrov
Homepage: http://en.roolz.org/trafscrambler.html
Changes: This release implements fake data injection, userland binary tsctrl to control NKE, minor re-work of NKE.
File Size: 8788
Last Modified: Aug 15 16:37:41 2009
MD5 Checksum: 2b9fbbb730fe3a425956a9ef93185be4

File Name: samhain-2.5.8.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: This release fixes two bugs in the mailer code: MX resolving would fail sometimes, and a deadlock could occur.
File Size: 1052672
Last Modified: Aug 15 14:52:04 2009
MD5 Checksum: 4870c9a0fb5fc8faff8b0ec5fe4004de

File Name: samhain-2.5.7.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: A potential deadlock has been fixed along with a configuration reload bug in the 'userfiles' module. C99-style comments have been removed to improve portability, and the format of the date header of emails has been corrected.
File Size: 1839616
Last Modified: Jul 23 12:36:58 2009
MD5 Checksum: 0601ac54729e94fc5f989ab7d33bd1d4

File Name: trafscrambler_0.1.tgz
Description: Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. This initial release implements SYN-decoy, Pre/Post connections SYN, TCP reset, and zero window attacks. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
Author: Maxim Bourmistrov
Homepage: http://en.roolz.org/trafscrambler.html
File Size: 5000
Last Modified: Jun 26 13:47:47 2009
MD5 Checksum: a2059efbf0763945fd97513e2771a57b

File Name: samhain-2.5.5.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
File Size: 1971622
Last Modified: Apr 30 18:19:13 2009
MD5 Checksum: 7376fec2397f37fc1dabcbd77aed56ab

File Name: beltane-1.0.16.tar.gz
Description: Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
Homepage: http://la-samhna.de/beltane
Changes: Error logging has been improved by adding more information.
File Size: 185194
Last Modified: Apr 23 16:10:07 2009
MD5 Checksum: 41168bb942a8c35a84f0c716137bac29