Skip to main content
rfxn
NSIVGPL v2

Network Socket Inode Validation

Socket inode checks for compromise detection

Documentation is being modernized. Expanded guides, configuration references, and usage examples are on the way.

Project PageDownload

On this page

OverviewFeaturesInstallationResources

Overview

Network Socket Inode Validation (NSIV) validates network socket inodes to detect security anomalies by correlating processes to their network sockets at the kernel inode level.

NSIV identifies potentially compromised or suspicious network activity by verifying that the inodes reported by network-facing processes match expected values, exposing hidden or injected sockets that may indicate rootkit activity, process hijacking, or unauthorized network access.

Features

Validation

  • Network socket inode validation at the kernel level
  • Process-to-socket correlation for anomaly detection
  • Detection of hidden or injected sockets indicative of rootkits
  • Identification of unauthorized network access by processes
  • Lightweight validation suitable for periodic cron execution
  • Complements LSM and SIM for layered security monitoring

Installation

Install from tarball:

  $ wget https://www.rfxn.com/downloads/nsiv-current.tar.gz
  $ tar xfz nsiv-current.tar.gz
  $ cd nsiv-*/
  $ sudo ./install.sh

Verify download integrity:

  $ wget https://www.rfxn.com/downloads/nsiv-current.tar.gz.md5
  $ md5sum -c nsiv-current.tar.gz.md5

Resources

Download: https://www.rfxn.com/downloads/nsiv-current.tar.gz

More Documentation

LMDLinux Malware DetectAPFAdvanced Policy FirewallBFDBrute Force DetectionIRSYNCIncremental RsyncLESLinux Environment Security