Free intrusion prevention software for linux

OpenPKG is a flexible and powerful software packaging facility, OpenPKG eases installation and administration of Unix software across several platforms. It primarily targets the Unix platforms FreeBSD, Linux and Solaris, but is portable across mostly all modern Unix flavors.
Consolidating different vendor approaches into a unified architecture, it assists in administration of large networks previously complicated by nonconformant systems. OpenPKG leverages proven technologies like Red Hat Package Manager (RPM)and neatly provides an additional system layer on top of the operating system.
It is a fully self-contained with minimal external dependencies(no RPM pre-installation required), and installs itself by means of a tricky bootstrapping procedure with minimal operating system intrusion. OpenPKG especially supports multiple installation instances on the same system.
Main features:
- Portable across major Unix platforms.
- Available for FreeBSD 4.11/5.4/6.0/7.0, NetBSD 2.0, Sun Solaris 8/9/10, Debian GNU/Linux 3.1, Fedora Core 4, RedHat Enterprise Linux 4, Novell SUSE Linux 9.3/10, Gentoo Linux 1.12.0, Mandriva Linux 10.2.
- Already known to work for IBM AIX 5.1, HP HPUX 11.11.
- Release 2.5 consists of 579 packages.
- Entirely based on Open Source software technology.
- Operating System interference minimized.
- Streamlined software packaging.
- Easy installation, updating and deinstallation of packages.
- Bundled with useful and secure package preconfigurations.
- Includes an abstracted and powerful run-command facility.
- Virtual hosting through multiple instances on a single system.
- Proxy packages for reusing packages across instances.
- Build-time package variations for maximum flexibility.
- Foundation to build self-contained environments.

InJoy Firewall is a flexible firewall security solution for businesses of any size. It offers preconfigured policy templates, including full customization options, IPSec VPN integration, gateway capabilities, intuitive management, access control, many documented deployment examples, and comprehensive documentation.

Without question, the Linux Operating System provides a proven and cost-effective platform, as well as a wealth of high-quality open source software. For business use, however, it often proves difficult to find supported linux firewall solutions that provide the required level of confidence, reliability and trust. With the InJoy Firewall™, businesses can benefit from Linux without having to give up the safety of a responsible vendor and a traditional business relationship.

Security as never before — the InJoy Firewall™ for Linux provides customers with next generation intrusion and anomaly detection. These technologies provides network administrators with the ultimate tools to keep track of network activity and eliminate Internet threats of any type.

As a busy and responsible network administrator, you will find great relief in the InJoy Firewall™. As the only Linux firewall, it is designed from the ground up to be self-contained, thus ensuring optimal performance and minimum impact from third-party problems. This means you dont have to worry about dependencies with Linux connectivity software, software libraries or kernel compilation.


Manage your remote Linux-based Firewall Server from your Windows-based desktop (or any other supported Operating Systems), using the intuitive InJoy firewall™ GUI. Linux users that prefer plain-text configuration can opt for that with the InJoy firewall™ as well.

The InJoy firewall™ works the same under all the supported operating systems, meaning you can deploy a complete and unified protection strategy throughout the business and effortlessly set up fully capable VPNs without having to worry about interoperability issues.

The InJoy firewall™ installs in minutes and can be prepared for distributed, company-wide deployment, using the same simple installation scripts everywhere.

GNU Phantom.Security is a computer-controlled security system.
Phantom is designed to be a completely customizable computer controlled security system. All source code (C++/Bourne script) is included. Phantom was designed & tested on a Linux system, but I assume the C++ portions can be easily ported to other Unix systems (even DOS/Windows, maybe?). The Phantom Security system is for use with intrusion/fire detection equipment such as motion sensors, door magnets, and smoke detectors. However, any Normally Open or Normally Closed device may work with little or no change to the code. All source code and diagrams included are free to use,for distributing, and to modify!
Phantom.Controller is to be used in a system with non-powered security devices, i.e. door magnets. Phantom.Controller2 is for systems with powered security devices, i.e. motion sensors & smoke detectors. Anyone with a basic knowledge of circuit design can mix and match from these two diagrams to mix powered & non-powered devices!
Enhancements:
- To compile & install Phantom.Security 1.00:
- configure
- make
- make install
- The default installation directory is /home/Phantom/security. However, this can be modified in the top-level Makefile.am (if this is changed, you need to re-run aclocal, autoconf, & automake). However, both the bindir and datadir should point to the SAME directory, or else Phantom.Security wont function correctly, because it wont be able
- to find the Phantom.conf file.
Enhancements:
- Version 1.0!!! GNU Phantom.Security is out of Beta! I have been running Phantom.Security for months straight on my machine at work and believe it is stable enough to promote it out
- of Beta!
- Created HTML & PostScript versions of documentation. Available on-line.

The Bait and Switch Honeypot is a multifaceted attempt to take honeypots out of the shadows of the network security model and to make them an active participant in system defense.
To do this, we are creating a system that reacts to hostile intrusion attempts by redirecting all hostile traffic to a honeypot that is partially mirroring your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data and your clients and/or users still safely accessing the real system.
Life goes on, your data is safe, and you are learning about the bad guy as an added benefit. The system is based on snort, linuxs iproute2, netfilter, and custom code for now.
We have plans on adding additional support in the future if possible.
Enhancements:
- So its beta release day. The final package is up, but largely unannounced. Ive cleaned up the few bugs I knew about, added the blacklisting feature, tested and added features to electr0ns config script, and updated the documentation to the point where I think its very useable and easy to understand.
- I have also added a baitnswitch-users mailing list through sourceforge.

Untangle Gateway Platform is a Linux-based network gateway with pluggable modules for network applications like spam blocking, Web filtering, anti-virus, anti-spyware, intrusion prevention, VPN, SSL VPN, firewall, and more.
Enhancements:
- Bugfixes from 5.0.0-beta; this release is stable.

Streamline is a high-speed networking subsystem for commodity operating systems. It increases performance by moving processing tasks to the fastest location. Streamline supports in-kernel execution, but also dedicated hardware (NICs) and even remote machines. An implementation of Streamline for Linux 2.6.13 and higher is made publicly available.
The goal of Streamline is to make fast network processing viable for common tasks. Many advanced processing schemes so far fail to make it into OSes, because they are difficult to combine with the socket(..) API or only applicable in a few situations. Our goal is to integrate known as well as develop new methods that replace sockets(..). without burdening application developers and end-users. Streamline achieves this by constructing a tailored dataplane for each application at runtime from an extensible set of functions.
Applications request information streams by specifying a series of abstract functions that need to be performed on incoming data (e.g., select tcp packets for port 80, reassemble into a stream, filter out known attacks). At runtime, streamline searches for implementations of these functions. These can be found in the kernel, in the application library, or in dedicated hardware such as programmable network cards or asymmetric multicores. When all functions are found, interconnecting datapaths are setup. Paths may need to cross the PCI bus, userspace/kernelspace barrier or even LANs. Optimisation of these paths is one of the factors that contributes to Streamlines performance.
The base system comes bundled with functions for pattern matching (Aho Corasick, RegEx), accounting, filtering (among others BPF), stream reassembly, rewriting, inspection, and more. Obvious uses are intrusion detection, network address translation, media streaming and realtime (pre)processing of scientific data.
Enhancements:
- This is mostly a stabilization release, which adds support for Linux kernels up to 2.6.22 and Fedora Core installations.
- The only truly new feature is a virtual filesystem interface (like sysfs) to streamline.
- With this "netmonfs" you can inspect live datastreams as if youre reading local files.
- Setting up streams and filters is easily accomplished through mkdir, open, and other well-known tools.
- Note that netmonfs is still beta quality software.

SNARE (System iNtrusion Analysis and Reporting Environment) is a kernel patch, daemon, and Gnome2 GUI, that together provide a host intrusion detection facility and C2-style auditing/event logging capability for Linux similar to the Basic Security Module (BSM) for Solaris, or the Windows Event Log.
SNARE is divided into three key components:
The Kernel changes
In order to collect event log data, Snare needs to add auditing support into the operating system. You can choose to either install a binary version of the kernel, with Snare already integrated, or you can apply a patch to your kernel source.
Although we try hard to make Snare as easy to install as possible, there are hundreds of different distributions and kernel versions, and it would be an immense task to build Snare for each variant. We are hoping that recent efforts towards creating a native auditing subsystem for linux will soon mean that the kernel component of the Snare for Linux agent, will no longer be required.
The Snare Audit Daemon
The Snare audit daemon acts as an interface between the Linux kernel, and the security administrator. It allow you to turn on events, filter the output, and potentially push audit log information back to a central location for collection, analysis and archival.
The Snare Micro-Web Server, and Audit GUI
The Snare audit GUI provides a graphical user interface to the Snare audit daemon. It allows you to add, remove or modify audit objectives, and change reporting options.
The Micro-Web Server, is embedded in the audit daemon, and provides a very simple configuration capability that can be managed from your web browser.
Enhancements:
- Added support for compound matching elements (e.g. name=/etc/* name!=/etc/blah/*)
- Improved authentication support for remote control interface
- Updated SELinux policy (RHEL5 support)
- Improved automatic audit configuration using objective returncode detection to pre filter unnecessary records
- Fixed element matching error
- Fixed error in criticality reporting (e.g. criticality was always zero)
- Fixed race condition that could potentially clear all audit rules on restart
- Improved effeciency allowing a higher throughput
- Improved installer for easier deployment
- Disabled local logging by default