SID - Shell/PTY based Host Intrusion Detection System

Shell/PTY Intrusion Detection: Aims at detecting unwanted PTY action on UNIX systems. SID-IDS is a Host Intrusion Detection System.
Consists of a kernel part and a user part. The kernel part plugs into terminal processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes) and takes appropriate action upon finding unexpected log entries.


July 2005: Release 0.4.2 adds privilege separation for the user part, fixes issue with multicharacter input for the Linux 2.6 kernel part.

April 2005: A Debian binary kernel package for Linux 2.6.10-1-386 has been added.

March 2005:
- Binary SID Solaris 8 packages (see below for downloads) work fine with Solaris 10 - at least on SPARCs, with the FCS (Final Customer Shipping) as recently released by Sun.
I suspect that Solaris 10 x86 will work, too, as well as Solaris 9 on both architectures (untested).
- Further docs: Solaris STREAMS setup and the Linux function hijacking setup.

February 2005: Release 0.4.1 is availbable, now providing packaging support for Debian with 2.6 kernels on x86.

January 2005: Release 0.4.0 is availbable, providing first-time kernel-part support for Linux 2.6 on x86.



Source: The following release 0.4.2 binary packages for Solaris 8 are available: The following release 0.4.2 binary packages for Debian Linux i386 are available: Build your own Debian package if you run a different kernel (instructions see INSTALL).

© 2003-2005 - Harald Deppeler - last modified July 16 2005 Logo