NSIVGPL v2
Network Socket Inode Validation
Socket inode checks for compromise detection
Network Socket Inode Validation (NSIV) validates network socket inodes to detect security anomalies by correlating processes to their network sockets at the kernel inode level.
NSIV identifies potentially compromised or suspicious network activity by verifying that the inodes reported by network-facing processes match expected values, exposing hidden or injected sockets that may indicate rootkit activity, process hijacking, or unauthorized network access.
Project Downloads & Supporting Files
3
3d
5
7d
23
30d
63
90d
279
1y
Feb 18 — Feb 21
Features
Validation
- Network socket inode validation at the kernel level
- Process-to-socket correlation for anomaly detection
- Detection of hidden or injected sockets indicative of rootkits
- Identification of unauthorized network access by processes
- Lightweight validation suitable for periodic cron execution
- Complements LSM and SIM for layered security monitoring
Installation
bash
$ wget https://www.rfxn.com/downloads/nsiv-current.tar.gz
$ tar xfz nsiv-current.tar.gz
$ cd network-socket-inode-validation-*
$ sudo ./install.shVerify Download
MD5 Signature Verification
Always verify the integrity of downloaded packages before installation.
bash
$ wget https://www.rfxn.com/downloads/nsiv-current.tar.gz
$ wget https://www.rfxn.com/downloads/nsiv-current.tar.gz.md5
$ md5sum -c nsiv-current.tar.gz.md5