Lockdown Source Code

• DOWNLOAD latest package (updated 11/5/2008)
  • lockdown-client.zip: agent installation package
  • lockdown-server.zip: data processing and server installation package
  • lockdown-viewer.zip: visualization tool package

• Monitor: The Monitor is installed on each host within the network and is responsible for collecting the local context [netstat, ps, and lsof data] and sending it to the collecting server.
  • Linux: exp_deploy.zip
    • new release, 7/23/2008:exp_deploy_pkg.zip
  • OS X 10.4: Lockdown_OSX_Monitor.tar
  • Solaris: Lockdown_Solaris_Monitor.tar currently does not install into startup folders

• Enforcer: The Enforcer is a Linux Security Module, LSM, that is responsible for enforcing policy within the kernel.
  • Linux [2.6 kernel]: update coming soon

• Repository/Parser/Viewer: The server processes data uploaded by the Monitors and manages the database (SQL) for storing the information. It contains analysis functions for extracting data patterns from the database. It also contains a GUI interface (viewer) to explore the data interactively and view the network activities in graphs in terms of hosts, users and applications.
  • Server [JAVA]: expsicor_server.zip update coming
    • release, 7/23/2008:eXpiscor_viewer_pkg.zip

• Backend Data Processing (Parser), Repository (Aggregator and File Server), Visualization tool (GUI client): Transition from SLQ database to Lockdown File System (LFS) as the backend to speed up data processing for a even larger scale of deployment.
  • new release, 10/6/2008: Lockdown.zip