Posts tagged: IDS

Oct 09 2009

Samhain – Host-Based Intrusion Detection System

The Samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

Samhain is a multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Features:

  • PCI DSS Compliance
  • File integrity checks
  • Host integrity monitoring
  • Logfile monitoring/analysis
  • Log facilities
  • Integration with other systems / Active response

Download: Samhain Version 2.5.9c

Dec 25 2008

Firekeeper – IDS For Firefox

Firekeeper is an Intrusion Detection and Prevention System for Firefox.
It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules, similar to Snort's, to describe browser-based attack attempts.
Rules can also be used to effectively filter different kinds of unwanted content.

Features:
* Ability to scan HTTP(S) request URL, response headers and body, and to cancel processing of suspicious requests
* Encrypted and compressed responses are scanned after decryption/decompression
* Privacy friendly – no data is sent to external servers, all scanning is done on the local computer
* Very fast pattern matching algorithm (taken directly from Snort).
* Interactive, verbose alerts that let the user choose a response to a detected attack attempt.
* A detailed view of suspicious response headers and body
* Event logging
* Ability to use any number of files with rules and to automatically load files from remote locations

Download:
http://firekeeper.mozdev.org/

Dec 16 2008

Snort – Open Source IDS

This lightweight network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.

Open source Snort works fine for many individuals, small businesses, and departments. Parent company SourceFire offers a complementary product line with more enterprise-level features and real-time rule updates. They offer a free (with registration) 5-day-delayed rules feed, and you can also find many great free rules at Bleeding Edge Snort.

Latest Release: Snort 2.8.3.1

Download:
http://www.snort.org/dl/

Nov 06 2008

Honeytrap

Honeytrap is a network security tool written to observe attacks against network services.
As a low-interaction honeypot, it collects information regarding known or unknown network-based attacks and uses plugins for automated analysis.

Operating System: FreeBSD, Linux, OpenBSD
Programming Language: C

Download:
http://sourceforge.net/projects/honeytrap/

Nov 06 2008

Valhala Honeypot

Valhala Honeypot is a simple honeypot for Windows.
The program includes the following servers: web, FTP, finger, telnet, SMTP, POP3, TFTP and port forwarding.
It can send logs remotely and is easy to configure. It is in Portuguese.

Package: Valhalahoneypot
Release: valhala170
Date: April 21, 2008

Download:
http://sourceforge.net/projects/valhalahoneypot/