NSIVGPL v2
Network Socket Inode Validation
Socket inode checks for compromise detection
Network Socket Inode Validation (NSIV) validates network socket inodes to detect security anomalies by correlating processes to their network sockets at the kernel inode level.
NSIV identifies potentially compromised or suspicious network activity by verifying that the inodes reported by network-facing processes match expected values, exposing hidden or injected sockets that may indicate rootkit activity, process hijacking, or unauthorized network access.
Project Downloads & Supporting Files
2
3d
4
7d
15
30d
42
90d
186
1y
Mar 13 — Mar 16
Features
Validation
- Network socket inode validation at the kernel level
- Process-to-socket correlation for anomaly detection
- Detection of hidden or injected sockets indicative of rootkits
- Identification of unauthorized network access by processes
- Lightweight validation suitable for periodic cron execution
- Complements LSM and SIM for layered security monitoring
Installation
bash
$ wget https://www.rfxn.com/downloads/nsiv-current.tar.gz
$ tar xfz nsiv-current.tar.gz
$ cd network-socket-inode-validation-*
$ sudo ./install.shVerify Download
MD5 Signature Verification
Always verify the integrity of downloaded packages before installation.
bash
$ wget https://www.rfxn.com/downloads/nsiv-current.tar.gz
$ wget https://www.rfxn.com/downloads/nsiv-current.tar.gz.md5
$ md5sum -c nsiv-current.tar.gz.md5