  |
Rootkit Hunter - http://www.rootkit.nl/
Open-source GPL rootkit scanner for Unix-like systems. Scans for rootkits, trojans, backdoors and local exploits. Tests include scanning of plaintext and binary files for MD5 hash comparisons, default rootkit files, binary permissions, suspect LKM/KLD module strings, and hidden files. |
| |
PreludeIDS Technologies - http://www.prelude-ids.org/
Distributed hybrid IDS framework, that collects and aggregates event reports from available security systems, and analyses them on a central system. |
| |
http://www.citi.umich.edu/u/provos/honeyd/ - http://www.citi.umich.edu/u/provos/honeyd/
Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet or for network monitoring. For *BSD, GNU/Linux, and Solaris. |
| |
LIDS Project - Secure Linux System - http://www.lids.org
LIDS is an enhancement for the Linux kernel written by Xie Huagang and Philippe Biondi. It implements several security features that are not in the Linux kernel natively. Some of these include: mandatory access controls (MAC), a port scan detector, file protection (even from root), and process protection. |
| |
Systrace (Interactive Policy Generation for System Calls) - http://www.citi.umich.edu/u/provos/systrace/
Systrace enforces system call policies for applications by interactively constraining the application's access to the system (*bsd and Linux). Systrace is able to monitor daemons on remote machines and generate warnings at a central location. |
| |
Snortalog - http://jeremy.chartier.free.fr/snortalog/
Perl-based log analysis tool that summarizes network security events from any native snort database format. |
| |
Passive OS Fingerprinting (pOf) - http://lcamtuf.coredump.cx/p0f.shtml
An advanced passive OS/network fingerprinting utility for use in IDS environments, honeypots environments, firewalls and servers. |
| |
Streamline - http://www.few.vu.nl/~wdb/streamline/
An open source stream-based operating system I/O subsystem that minimizes copying and context switching and moves I/O processing to the most suitable resource. News, downloads, documentation and forum. |
| |
Firestorm Network Intrusion Detection System - http://www.scaramanga.co.uk/firestorm/
Firestorm is a high-performance GPL-licensed network intrusion detection system (NIDS). Features include being fully pluggable, easily configurable, and an extremely scalable signature engine. |
| |
Panoptis - http://panoptis.sourceforge.net
Network-IDS that detects and stops DoS/DDoS attacks by using real-time Cisco NetFlow data. |
| |
QuIDScor IDS/VA correlation - http://quidscor.sourceforge.net
QuIDScor is an Open Source project demonstrating the value in correlating information between Intrusion Detection Systems (such as Snort) and vulnerability assessment and management platforms such as QualysGuard. |
| |
Snortattack - http://snortattack.org/
An intrusion protection system in the form of a bash shell script that is designed to make the installation of Snort in inline mode on Fedora or Debian as easy as possible. |
| |
Fail2Ban - http://sourceforge.net/projects/fail2ban/
fail2ban is a POSIX/Linux tool used to ban IP addresses that generate too many password failures. ssh, iptables, ipfwadm and ipfw are currently supported. |
| |
SnortSMS Project - http://snortsms.sourceforge.net/
A configurable web-base administration console written in PHP which can remotely manage, control, and monitor multiple Snort based Intrusion Detection System sensors. |
| |
LAk Intrusion Prevention System - http://lak-ips.sourceforge.net/
A single compilation of source, binaries, scripts and whitepapers on intrusion prevention systems. The aim is to quickly establish a working IPS within minutes. |