Pakistan Computer Emergency Response Team

The Security Standard


HOME | ABOUT US | SERVICES | ADVISORIES | RESOURCES | DEFACEMENT ARCHIVE | MEMBERS AREA | TRAINING | CONTACT US

Copyright | Disclaimer

 

 

 


 

RESOURCE CENTER > FILE INTEGRITY CHECKER

Chklastlog

Checks wtmp for signs of tampering.

Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/logutils/chklastlog

CheckWtmp

Check wtmp for tampering.

Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/logutils/chkwtmp

CPM (Sun OS)

Check Promiscuous Mode - The cpm program from Carnegie Mellon University. Checks a system for any network interfaces in promiscuous mode; this may indicate that an attacker has broken in and started a packet snooping program.

Download:
ftp://ftp.jaring.my/pub/cert/tools/cpm/

ifstatus

Ifstatus checks network devices for promiscuous mode.

Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/ifstatus

L5 (UNIX/DOS)

L5 generates directory listings and reports everything it can about a file's status, such as file type, inode number, number of hardlinks, mtime, etc. L5 adds a MD5 hash to the data so it can be used to detect file modifications.

Download:
http://www.ja.net/CERT/Software/L5/

MD5

The source code and specification for the MD-5 message digest function.

Download:
ftp://ftp.jaring.my/pub/cert/tools/md5/

Tripwire

The Tripwire package from Purdue University. Scans file systems and computes digital signatures for the files therein, then can be used later to check those files for any changes.

Download:
http://www.tripwire.com/

ViperDB

ViperDB was created as a smaller and faster option to Tripwire.

Download:
http://www.resentment.org/projects/viperdb/

All rights reserved. Copyright© PakCERT 2000-2017