Checks wtmp for signs of tampering.
Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/logutils/chklastlog
Check wtmp for tampering.
Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/logutils/chkwtmp
Check Promiscuous Mode - The cpm program from Carnegie Mellon University.
Checks a system for any network interfaces in promiscuous mode; this
may indicate that an attacker has broken in and started a packet snooping
program.
Download:
ftp://ftp.jaring.my/pub/cert/tools/cpm/
Ifstatus checks network devices for promiscuous mode.
Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/ifstatus
L5 generates directory listings and reports everything it can about a file's
status, such as file type, inode number, number of hardlinks, mtime,
etc. L5 adds an MD5 hash to the data so it can be used to detect file
modifications.
Download:
http://www.ja.net/CERT/Software/L5/
The source code and specification for the MD-5 message digest function.
Download:
ftp://ftp.jaring.my/pub/cert/tools/md5/
The Tripwire package from Purdue University. Scans file systems and computes
digital signatures for the files therein; it can then be used later to check
those files for any changes.
Download:
http://www.tripwire.com/
ViperDB was created as a smaller and faster alternative to Tripwire.
Download:
http://www.resentment.org/projects/viperdb/