Shoki is a free, open source network intrusion detection system.
Shoki is a free, open source network intrusion detection system. The fundamental design goals are simplicity and modularity, and the focus is on traffic analysis rather than content inspection.

Here are some key features of "Shoki":

Signature matching using libpcap-style filter expressions
Support for searches using POSIX extended regular expressions
Optional support for searches using Perl-compatible regular expressions
Dynamic rule-based signature generation
Correlation of data from multiple sources
Sending alerts to IM clients via the Jabber protocol
Visualisation of packet data via OpenGL
Anomaly scoring based on questionable math
Correlation of events to local assets (and known vulnerabilities)
Remote OS identification via passive fingerprinting
RFC 815-style fragment reassembly
Configurable scan detection
Configurable threshold-based signature detection
Analysis of entropy in IP packet fields




Create a `shoki' user (via adduser(8) or the equivalent), then:

# ./configure [ --with-pgsql ] [ --with-gtk ] [ --with-pcap=DIR ]
# make
# make test
# make install
# make chroot

...and if you're using the Postgres stuff (and you should be), add the
postgres user to the shoki group and then...

# make db

What's New in This Release:

lexer bugfix: Added pcap_close() before exiting
doctrine logic bugfix: fixed bug in doctrine verifier
doctrine logic tweak: added canonicalise_pcap()
search logic bugfix: fixed bug handling NULLs (0x00) in hex searches
TCP option handling bugfix: fixed bug in TCP option processing on sparc64 (and other platforms where unaligned access fails)
ac bugfix: fixed memory allocation error in ac(1)
feature add: added preliminary IDMEF output support
feature add: added test for dumpfile rewriting
scripting tweak: changed semantics in some scripts in handling lists of filenames

last updated on:
February 7th, 2008, 0:43 GMT
license type:
GPL (GNU General Public License) 
developed by:
Stephen P. Berry
ROOT \ Security
Download Button

In a hurry? Add it to your Download Basket!

user rating 15



Rate it!

Add your review!