Shell/PTY Intrusion Detection: aims at detecting unwanted PTY activity on UNIX systems. SID-IDS is a Host Intrusion Detection System.
It consists of a kernel part and a user part.
The kernel part plugs into the terminal processing subsystem and logs hashed terminal lines. The user part reads the log entries (hashes) and takes appropriate action when it finds unexpected entries.
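The user-part check described above, sketched as an added example that is not SID-IDS code: it compares logged line hashes against a baseline of expected lines and reports everything else. The hash function (SHA-256), the record layout `<epoch> <tty> <hex digest>` and all function names are assumptions, and the log lines are constructed.

```python
import hashlib

# Assumed, not SID-IDS's own: SHA-256 as the line hash and log records of the
# form "<epoch> <tty> <hex digest>". All names here are hypothetical.
def line_hash(line: str) -> str:
    """Hash one terminal line as the kernel part is assumed to log it."""
    return hashlib.sha256(line.encode("utf-8")).hexdigest()

def build_baseline(expected_lines):
    """Digest set for the terminal lines that are expected on this host."""
    return {line_hash(line) for line in expected_lines}

def parse_record(record: str):
    """Split one log record; raise ValueError if it is not well formed."""
    fields = record.split()
    if len(fields) != 3:
        raise ValueError("expected 3 fields")
    ts, tty, digest = fields
    if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
        raise ValueError("bad digest")
    return int(ts), tty, digest

def unexpected_entries(records, baseline):
    """Return (record, reason) for every entry that is not in the baseline."""
    alerts = []
    for record in records:
        try:
            ts, tty, digest = parse_record(record)
        except ValueError as exc:
            # A damaged record is reported, never silently skipped.
            alerts.append((record, f"malformed: {exc}"))
            continue
        if digest not in baseline:
            alerts.append((record, f"unexpected line on {tty} at {ts}"))
    return alerts

# Constructed sample: lines a scheduled maintenance session is expected to send.
BASELINE = build_baseline(["df -h", "uptime", "exit"])
SAMPLE_LOG = [
    f"1120000000 pts/3 {line_hash('df -h')}",
    f"1120000005 pts/3 {line_hash('uptime')}",
    f"1120000009 pts/3 {line_hash('df  -h')}",  # extra space: different hash
    f"1120000012 pts/3 {line_hash('cat /etc/shadow')}",
    "1120000015 pts/3 truncated",               # damaged record
]

if __name__ == "__main__":
    for record, reason in unexpected_entries(SAMPLE_LOG, BASELINE):
        print(reason)
```

Because only hashes are compared, matching is exact: a line that differs from the baseline by a single space is reported as unexpected, so this approach suits scripted or otherwise predictable terminal sessions.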
July 2005: Release 0.4.2 adds privilege separation for the user part and fixes an issue with multi-character input in the Linux 2.6 kernel part.
April 2005: A Debian binary kernel package for Linux 2.6.10-1-386 has been added.
March 2005:
- Binary SID Solaris 8 packages (see below for downloads) work fine with Solaris 10, at least on SPARC, with the FCS (Final Customer Shipping) release recently published by Sun. I suspect that Solaris 10 x86 will work too, as well as Solaris 9 on both architectures (untested).
- Further docs: Solaris STREAMS setup and the Linux function hijacking setup.
February 2005: Release 0.4.1 is available, now providing packaging support for Debian with 2.6 kernels on x86.
2.4.18-bf2.4
2.6.8-1-386
2.6.10-1-386