Network Socket Inode Validation (NSIV)

Socket inode checks for compromise detection

Overview

Network Socket Inode Validation (NSIV) validates network socket inodes to detect security anomalies by correlating processes to their network sockets at the kernel inode level.

NSIV identifies potentially compromised or suspicious network activity by verifying that the inodes reported by network-facing processes match expected values, exposing hidden or injected sockets that may indicate rootkit activity, process hijacking, or unauthorized network access.

Features

Validation

• Network socket inode validation at the kernel level
• Process-to-socket correlation for anomaly detection
• Detection of hidden or injected sockets indicative of rootkits
• Identification of unauthorized network access by processes
• Lightweight validation suitable for periodic cron execution
• Complements LSM and SIM for layered security monitoring

Installation

Install from tarball:

wget https://www.rfxn.com/downloads/nsiv-current.tar.gz
tar xfz nsiv-current.tar.gz
cd nsiv-*/
sudo ./install.sh

Resources

• Download: https://www.rfxn.com/downloads/nsiv-current.tar.gz