sktrap (script kiddies trap) is a tiny intrusion detection system. Installed on the monitoring server, it runs tests over ssh on its clients and makes cracks very visible (changed files, open ports). It was built in reply to, and has been very successful in finding, real-world break-ins.
Categories: Anti-Malware
License: GNU General Public License version 2.0 (GPLv2)
User Reviews
-
BIG KUDOS for this program! This little program listed an infection in the "/dev/shm/ /" directory (so the attacker made a subdir named with SPACES to make it invisible!). Grindr/sktrap listed 35 files on that server that changed; 30 of them were the infection's files. I looked at the source code, and the ideas behind this program are smart, and the code is pretty well polished. Feature request: maybe you can make the whitelisting PER SERVER? Baselining and looking for changes in ports based on the baseline. Illyana :)
-
Nice. Very simple to set up and very effective at what it does: monitor your system integrity.
-
I like this program: instead of being bombarded with the same warnings every day (with the risk of ignoring important real changes), with this program you get a single file with a few lines max per client listed. I guess this is based on the program's main idea of just finding modification time changes, so you just get the changed stuff listed. I've made a cronjob myself to run grindr every night, which starts a wrapper I built to mail grindr's output to my inbox. Maybe "agentb" can build in the mail feature? Cheers, Tom
-
Great little piece of software. I use this script on my main monitor server to watch about 12 other servers, and I get notified about all changes. For example, last week someone added a new root user without letting me know, and I got notified via grindr so I could check whether this was legit; it turned out it was. I can recommend this to anyone managing multiple servers who finds Tripwire too much hassle to install.