wIDSard is a host-based Intrusion Detection System for the i386 Linux platform.
It intercepts, at user level, the system calls specified in a configuration file written by the user. Syscall interception is based on the strace source code. A finite-state automaton is used to trace the monitored process. The configuration file language is based on regular expressions.
If a particular sequence of system calls is intercepted, an appropriate action can be executed (kill the process, log, ...).
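The matching idea described above, as an added example that is not wIDSard code and does not use wIDSard's rule syntax: a small automaton is advanced once per intercepted syscall name and returns an action when it reaches its accepting state. The rule layout, the function names step and first_match, and the sample traces are all assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum action { ACT_NONE, ACT_LOG, ACT_KILL };

/* One automaton edge: in state `from`, syscall `name` moves to state `to`.
 * Any syscall without an edge leaves the state unchanged. */
struct edge { int from; const char *name; int to; };
struct rule { const struct edge *edges; int n_edges; int accept; enum action on_match; };

/* Constructed rule (hypothetical, not wIDSard syntax): open ... socket ... connect.
 * A close after socket falls back to the "file opened" state. */
static const struct edge sample_edges[] = {
    {0, "open", 1}, {1, "socket", 2}, {2, "connect", 3}, {2, "close", 1},
};
static const struct rule sample_rule = { sample_edges, 4, 3, ACT_KILL };

/* Advance one traced process by one intercepted syscall name. */
enum action step(const struct rule *r, int *state, const char *syscall)
{
    for (int i = 0; i < r->n_edges; i++) {
        if (r->edges[i].from == *state && strcmp(r->edges[i].name, syscall) == 0) {
            *state = r->edges[i].to;
            break;
        }
    }
    if (*state != r->accept)
        return ACT_NONE;
    *state = 0;                      /* re-arm the rule after a match */
    return r->on_match;
}

/* Index of the first call in `trace` that completes the rule, or -1. */
int first_match(const struct rule *r, const char *const *trace, int n)
{
    int state = 0;
    for (int i = 0; i < n; i++)
        if (step(r, &state, trace[i]) != ACT_NONE)
            return i;
    return -1;
}

int main(void)
{
    /* Constructed syscall traces, as an interceptor would report them. */
    const char *const benign[] = { "open", "read", "close", "write" };
    const char *const flagged[] = { "open", "read", "socket", "close", "socket", "connect" };
    printf("benign:  %d\n", first_match(&sample_rule, benign, 4));
    printf("flagged: %d\n", first_match(&sample_rule, flagged, 6));
    return 0;
}
```

The automaton here matches on syscall names only; it does not inspect arguments such as file descriptors, so the close edge is an approximation.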
Released version 0.12
If you have comments or questions about wIDSard, feel free to contact stefano.frassi[AT]iit.cnr.it
Example of rules file 2
Example of rules file 3
wIDSard language (Italian)