3rd Party Agents Installation
- Auditd (Homepage) - The Linux Audit Daemon.
Auditd provides user-space utilities for creating audit rules, as well as for storing and searching audit records generated by the audit subsystem in the Linux 2.6 kernel. It features an Intrusion Detection plugin that analyses the audit stream in real time for suspicious events and alerts via IDMEF using Prelude.
- ufwi-filterd (Homepage)
ufwi-filterd adds user-based filtering to Netfilter, the state-of-the-art IP filtering layer of the Linux kernel. Its exclusive algorithm allows authenticated filtering even on multiuser computers. ufwi-filterd can be seen as an identity and access management solution at the network level.
- LinuxPAM (Homepage)
Linux-PAM is a system of libraries that handle the authentication tasks of applications on the system. The library provides a stable, general interface that privilege-granting programs (such as login and su) defer to in order to perform standard authentication tasks.
- Nepenthes (Homepage)
Nepenthes is a versatile tool to collect malware. It acts passively by emulating known vulnerabilities and downloading the malware that tries to exploit them.
- OSSEC (Homepage)
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.
- Samhain (Homepage) - The File Integrity Checker
Samhain is a multiplatform, open source host-based intrusion detection system (HIDS) for POSIX (Unix, Linux, Cygwin/Windows). Samhain provides file integrity checking, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
- SanCP (Homepage)
SanCP is a network security tool designed to collect statistical information regarding network traffic, as well as to record the traffic itself to file in pcap format, for the purpose of auditing, historical analysis, and network activity discovery.
- Snort (Homepage) - The De Facto Standard Open Source IDS.
Snort is a network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature-, protocol- and anomaly-based inspection methods.
- Suricata (Homepage) - Open Source IDS / IPS / NSM engine
Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine.
- Kismet (Homepage) - Open Source Wi-Fi IDS / IPS engine
Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominantly with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types.