A free lightweight network intrusion detection system for UNIX and Windows.

Provides open source application to check for presence of rootkits installed on Linux/Unix machines. Links to security related sites.

Distributed hybrid IDS framework, that collects and aggregates event reports from available security systems, and analyses them on a central system.

Powerful PHP-based data analysis tool for network security events captured by many common IDS tools, including snort and tcpdump.

AIDE is a file integrity checker that supports regular expressions. Licensed with GPL.

Open-source GPL rootkit scanner for Unix-like systems. Scans for rootkits, trojans, backdoors and local exploits. Tests include scanning of plaintext and binary files for MD5 hash comparisons, default rootkit files, binary permissions, suspect LKM/KLD...

A tripwire-like utility which uses MD5 to check files for modifications.

Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet or for network monitoring. For *BSD, GNU/Linux, and Solaris.

LIDS is an enhancement for the Linux kernel written by Xie Huagang and Philippe Biondi. It implements several security features that are not in the Linux kernel natively. Some of these include: mandatory access controls (MAC), a port scan detector, fi...

An advanced passive OS/network fingerprinting utility for use in IDS environments, honeypots environments, firewalls and servers.