SW Name |
Home page |
Downloaded |
Midas |
http://midas-nms.sourceforge.net/ |
23210x |
MIDAS is a cross platform Monitoring and NIDS server. The goal of this project is to build a robust and complete network/system monitoring suite that is capable of scaling to very large networks.
|
|
logcheck, logsentry |
http://sourceforge.net/[..]rum_id=275043 |
14784x |
The Sentry tools provide host-level security services for the Unix platform. PortSentry, Logcheck/LogSentry, and HostSentry protect against portscans, automate log file auditing, and detect suspicious login activity on a continuous basis.
|
|
labrea |
http://labrea.sourceforge.net/ |
8167x |
Intrusion detection / "sticky" honey pot technology using virtual servers to detect and trap worms, hackers, and other malware.
|
|
Dnotify |
http://www.student.lu.se/[..]/dnotify.html |
4738x |
Dnotify is a simple program that makes it possible to execute a command every time the contents of a specific directory change in linux. It is run from the command line and takes two arguments: one or more directories to monitor and a command to execute whenever a directory has changed. Options control what events to trigger on: when a file was read in the directory, when one was created, deleted and so on.
|
|
Claymore |
http://linux.rice.edu/[..]gic/claymore/ |
4676x |
Claymore is an intrusion detection and integrity monitoring system. To accomplish its task, it reads in a list of files stored in flat ASCII and uses Digest::MD5 to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, it should provide a record against remotely-installed trojan horses.
|
|
Firestorm |
http://www.scaramanga.co.uk/firestorm/ |
4401x |
Firestorm is an extremely high performance network intrusion detection system (NIDS)
|
|
Prelude |
http://www.prelude-ids.org/ |
4335x |
IDS which includes Network IDS, "host based" IDS. You can add modules, different platforms are supported, web-based GUI. And many more...
|
|
Integrit |
http://integrit.sourceforge.net/ |
4210x |
Integrit is a more simple alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system.
|
|
SID-IDS |
http://sid.sourceforge.net/ |
4123x |
SID-IDS is a host intrusion detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes) and takes appropriate action upon unexpected log entries.
|
|
ImSafe |
http://imsafe.sourceforge.net/ |
4021x |
ImSafe (Immune Security For your Enterprise) is a host-based intrusion detection tool. After a learning phase, it is able to detect changes in processes behavior, to detect buffer overflows, etc. It is implemented through a device driver (as a kernel patch) for the Linux kernel, but can also be run on other UNIX systems by using a "sensor" built upon strace.
|
|
glFlow |
http://glflow.sourceforge.net/ |
3925x |
glFlow is a (D)DoS logger written with speed in mind. It detects attacks on high speed links through real-time flow aggregation and analysis.
|
|
CodeSeeker |
http://freshmeat.net/[..]s/codeseeker/ |
3679x |
CodeSeeker is an application level firewall and intrusion detection system that is not a packet proxy, but rather a plugin to the TCP stack itself.
|
|
Placid |
http://speakeasy.wpi.edu/placid/ |
3393x |
Placid is a Web-based frontend for Snort that uses MySQL. It supports searching, sorting, and graphing of events.
|
|
Nift |
http://sourceforge.net/[..]rojects/nift/ |
3374x |
Nift - (Network Intrusion Footprinting Tool) is graphical front-end (written in gtk+) for footprinting tools and methods already freely avaliable. It's purpose is to aid sys-admins in securing their site by allowing them to quickly check their network
|
|
check-ps |
http://devialog.sourceforge.net/ |
2883x |
Devialog is a behavior/anomaly-based syslog intrusion detection system which detects unknown attacks via anomalies in syslog.
|
|