Shoki
Details
| Last Update: | 2008-02-06 17:01:11 |
| Version: | 0.3.0.1078987736 |
| License/Program Type: | GPL (GNU General Public License) |
| Publisher: | Stephen P. Berry |
| Price: | $0.00 |
Description:
Shoki is a free, open source network intrusion detection system. The fundamental design goals are simplicity and modularity, and the focus is on traffic analysis rather than content inspection.
Key features of Shoki:
· Signature matching using libpcap-style filter expressions
· Support for searches using POSIX extended regular expressions
· Optional support for searches using Perl-compatible regular expressions
· Dynamic rule-based signature generation
· Correlation of data from multiple sources
· Sending alerts to IM clients via the Jabber protocol
· Visualisation of packet data via OpenGL
· Anomaly scoring based on questionable math
· Correlation of events to local assets (and known vulnerabilities)
· Remote OS identification via passive fingerprinting
· RFC 815-style fragment reassembly
· Configurable scan detection
· Configurable threshold-based signature detection
· Analysis of entropy in IP packet fields
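The fragment reassembly listed above refers to the hole-descriptor algorithm of RFC 815. The block below is an added example, not Shoki's own code, that implements that algorithm and feeds it a constructed three-fragment datagram in which two fragments claim the same bytes. The `favor_new` switch is an assumption of this example (RFC 815 itself does not specify an overlap policy); it is there to show the check a practitioner wants before trusting any reassembling IDS: two stacks handed the same fragments can deliver different payloads, and an IDS whose overlap policy differs from the host it protects can be evaded. The page does not say which policy Shoki applies.

```python
"""RFC 815 hole-descriptor reassembly (added example; not Shoki code).

A datagram starts as one hole covering bytes [0, infinity).  Each arriving
fragment deletes the holes it overlaps and re-creates whatever part of them it
did not fill; the datagram is complete when no holes remain.  The favor_new
switch is an assumption of this example: it selects whether an overlapping
byte keeps its first copy or takes the latest one, which is exactly the
per-stack behaviour an evader exploits.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

INF = float("inf")


@dataclass
class Fragment:
    offset: int    # byte offset within the original datagram (IP offset * 8)
    data: bytes
    more: bool     # the IP "more fragments" flag; False only on the last piece


@dataclass
class Reassembler:
    favor_new: bool = True   # overlap policy: True = later copy wins
    holes: List[Tuple[int, float]] = field(default_factory=lambda: [(0, INF)])
    buf: bytearray = field(default_factory=bytearray)
    seen: bytearray = field(default_factory=bytearray)  # 1 where a byte landed
    length: Optional[int] = None   # known once the last fragment has arrived

    def add(self, frag: Fragment) -> bool:
        """Fold one fragment into the buffer; return True when no holes remain."""
        first = frag.offset
        last = frag.offset + len(frag.data) - 1
        remaining = []
        for hfirst, hlast in self.holes:
            if first > hlast or last < hfirst:        # disjoint: keep the hole
                remaining.append((hfirst, hlast))
                continue
            if first > hfirst:                         # gap left before the data
                remaining.append((hfirst, first - 1))
            if last < hlast and frag.more:             # gap left after the data
                remaining.append((last + 1, hlast))
        self.holes = remaining

        if len(self.buf) <= last:                      # grow to hold this fragment
            grow = last + 1 - len(self.buf)
            self.buf.extend(bytes(grow))
            self.seen.extend(bytes(grow))
        for i, byte in enumerate(frag.data):
            pos = first + i
            if self.favor_new or not self.seen[pos]:
                self.buf[pos] = byte
            self.seen[pos] = 1
        if not frag.more:
            self.length = last + 1
        return not self.holes

    def datagram(self) -> bytes:
        if self.holes:
            raise ValueError("incomplete datagram, holes: %r" % (self.holes,))
        return bytes(self.buf[: self.length])


def reassemble(frags: List[Fragment], favor_new: bool = True) -> bytes:
    r = Reassembler(favor_new=favor_new)
    for f in frags:
        r.add(f)
    return r.datagram()


# Constructed sample: fragments 2 and 3 both claim bytes 5..14 of the datagram.
# SAMPLE[2], marked as the last fragment, is what empties the hole list.
SAMPLE = [
    Fragment(0, b"GET /", more=True),             # bytes 0..4
    Fragment(5, b"etc/passwd", more=True),        # bytes 5..14
    Fragment(5, b"index.html\r\n", more=False),   # bytes 5..16, overlaps the above
]

if __name__ == "__main__":
    print(reassemble(SAMPLE, favor_new=True))    # b'GET /index.html\r\n'
    print(reassemble(SAMPLE, favor_new=False))   # b'GET /etc/passwd\r\n'
```

With the sample above, a "latest copy wins" reassembler yields the harmless request while a "first copy wins" one yields the attack string; feeding the same three fragments in reverse order flips the "latest copy wins" result as well, so arrival order is a second variable to account for when comparing an IDS against the host it watches.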
Requirements:
· libpcap
· flex
· yacc
· zlib
INSTALLATION:
Create a `shoki' user (via adduser(8) or the equivalent), then:

    ./configure [ --with-pgsql ] [ --with-gtk ] [ --with-pcap=DIR ]
    make
    make test
    make install
    make chroot

If you are using the PostgreSQL support (and you should be), add the postgres user to the shoki group and then:

    make db
What's New in This Release:
· lexer bugfix: added pcap_close() before exiting
· doctrine logic bugfix: fixed bug in doctrine verifier
· doctrine logic tweak: added canonicalise_pcap()
· search logic bugfix: fixed bug handling NULLs (0x00) in hex searches
· TCP option handling bugfix: fixed bug in TCP option processing on sparc64 (and other platforms where unaligned access fails)
· ac bugfix: fixed memory allocation error in ac(1)
· feature add: added preliminary IDMEF output support
· feature add: added test for dumpfile rewriting
· scripting tweak: changed semantics in some scripts in handling lists of filenames