Shell/PTY Intrusion Detection: Aims at detecting unwanted PTY action on UNIX systems. SID-IDS is a Host Intrusion Detection System.
SID-IDS consists of a kernel part and a user part. The kernel part plugs into the terminal processing subsystem and logs hashed terminal lines. The user part reads the log entries (hashes) and takes appropriate action upon finding unexpected log entries.
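The user part's check described above, as an added example that is not SID-IDS code: the `tty=… hash=…` log format, the HMAC-SHA256 line hash, the key and all function names are assumptions, and the sample log is constructed.

```python
import hashlib
import hmac

# Assumptions (not from the SID-IDS page): lines are hashed with HMAC-SHA256
# under a per-host key, and each log entry reads "tty=<name> hash=<hex>".
# A keyed hash is used because terminal lines are short and guessable, so a
# plain hash of them could be reversed by hashing candidate lines offline.
KEY = b"constructed-demo-key"


def line_hash(key: bytes, line: str) -> str:
    """Hash one terminal line the way the hypothetical kernel part logs it."""
    return hmac.new(key, line.strip().encode(), hashlib.sha256).hexdigest()


def build_baseline(key: bytes, expected_lines) -> set:
    """Hashes of the terminal lines this host is expected to see."""
    return {line_hash(key, line) for line in expected_lines}


def unexpected_entries(log_entries, baseline):
    """Return (entry number, tty, reason) for each entry needing action."""
    alerts = []
    for number, entry in enumerate(log_entries, 1):
        try:
            fields = dict(field.split("=", 1) for field in entry.split())
            tty, digest = fields["tty"], fields["hash"]
        except (ValueError, KeyError):
            # A damaged or truncated entry is itself worth an alert.
            alerts.append((number, "?", "malformed"))
            continue
        if digest not in baseline:
            alerts.append((number, tty, "unexpected"))
    return alerts


# Constructed sample data: a baseline of expected lines and four log entries.
BASELINE = build_baseline(KEY, ["uptime", "df -h", "ls -l /var/log"])
SAMPLE_LOG = [
    f"tty=pts/0 hash={line_hash(KEY, 'uptime')}",
    f"tty=pts/0 hash={line_hash(KEY, 'df -h ')}",  # trailing space normalised
    f"tty=pts/1 hash={line_hash(KEY, 'unlisted-command --flag')}",
    "tty=pts/1",  # hash field missing
]

if __name__ == "__main__":
    for alert in unexpected_entries(SAMPLE_LOG, BASELINE):
        print("ALERT entry %d on %s: %s" % alert)
```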
July 2005: Release 0.4.2 adds privilege separation for the user part and fixes an issue with multicharacter input for the Linux 2.6 kernel part.
April 2005: A Debian binary kernel package for Linux 2.6.10-1-386 has been added.
- Binary SID Solaris 8 packages (see below for downloads) work fine with Solaris 10 - at least on SPARCs, with the FCS (Final Customer Shipping) as recently released by Sun.
I suspect that Solaris 10 x86 will work, too, as well as Solaris 9 on both architectures (untested).
- Further docs: Solaris STREAMS setup and the Linux function hijacking setup.
February 2005: Release 0.4.1 is available, now providing packaging support for Debian with 2.6 kernels on x86.