Search Results for "kernel security"

Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser...

ttyrpld is a multi-OS kernel-level TTY keylogger and screenlogger with (a)synchronous replay support. It runs on Linux, Solaris, FreeBSD, NetBSD and OpenBSD.

Syslogd2 is a syslog daemon that has been completely re-imagined specifically for use in network environments. It is multi-threaded, scalable and versatile with features designed for both network and host managers. Each Syslogd2 binary is customized from a set of over 20 features at compile-time. It can support input from text files, named-pipes, Linux kernel and user-defined Linux and (both IPv4 and IPv6) IP sockets (both UDP and TCP). It provides a pre-loadable name-cache that can...

A Linux kernel module to grab keys pressed in the keyboard, or a keylogger. keysniffer was initially written with the US keyboard (and conforming laptops) in mind. By default it shows human-readable strings for the keys pressed. However, as keyboards evolved, more keys got added. So the module now supports a module parameter codes which shows the keycode shift_mask pair in hex (codes=1) or decimal (codes=2). You can lookup the keycodes in /usr/include/linux/input-event-codes.h. The...

ClamFS is a FUSE-based user-space file system for Linux with on-access anti-virus file scanning through clamd daemon. ClamFS has moved to Github. Please navigate to github.com/burghardt/clamfs.

NXLog is a modular, multi-threaded, high-performance log management solution with multi-platform support. In concept it is similar to syslog-ng or rsyslog but is not limited to unix/syslog only. It can collect logs from files in various formats, receive logs from the network remotely over UDP, TCP or TLS/SSL . It supports platform specific sources such as the Windows Eventlog, Linux kernel logs, Android logs, local syslog etc. Writing and reading logs to/from databases is also supported....

Uberviewer is a java/swt log processor for Uberlogger (a kernel-based observatory). It allows real-time analysis of a remote OS, including process and I/O monitoring. This tool is intended to be helpful for security researchers and malware analysts.

USRBAC is a kernel patch and userspace daemon that allows role based access control to be mitegated in userspace. The goal is to allow a secure way to impliment RBAC compliant security systems using a daemon in userspace

Status Module is a daemon which forwards vital system information (memory usage, active processes, etc.) into the kernel logs by using a kernel module. This is very useful for logging or security purposes.

KISS is a kernel-side host-oriented security tool, which may bring you file integrity checking, file and process hiding and actions handling on special internal events (using a tiny scripting language).

A linux kernel module and supporting user space environment which allow interception and modifying system calls that match user defined criteria. Think of it as strace on steroids.

ProSum is a terminal based program that protects your files, sys_call_table and IDT like tripwire way (All in user space, without kernel modules) In addition, database with files etc. could be encrypted with Blowfish algorythm and more.