wIDSard is a host-based Intrusion Detection System for the i386 Linux platform. It intercepts, at user level, the system calls specified in a configuration file written by the user; the interception code is based on the strace source. A finite-state automaton is used to trace the monitored process, and the configuration-file language is based on regular expressions. If a specified sequence of system calls is intercepted, the action configured for it is executed (kill the process, log it, ...).

Requirements:
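As an added illustration of the design described above (example code, not wIDSard's own source, and not its actual rules language): a small Python model that feeds strace-style lines into a per-process matcher, using a hypothetical rule syntax of regular expressions over space-separated syscall names, and logs or decides to kill as soon as a rule's sequence completes.

```python
import re
from dataclasses import dataclass
# Constructed sample in strace output style (assumption: wIDSard sees the same data).
SAMPLE_TRACE = """\
open("/etc/passwd", O_RDONLY) = 3
read(3, "root:x:0:0:"..., 4096) = 1024
close(3) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, ...}, 16) = 0
write(4, "root:x:0:0:"..., 1024) = 1024
+++ exited with 0 +++
"""

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str  # hypothetical rule syntax: a regex over space-separated syscall names
    action: str   # "log" or "kill"

RULES = [
    Rule("net-out", r"socket connect", "log"),
    Rule("passwd-exfil", r"open (?:read )+close (?:\w+ )*?socket connect write", "kill"),
]
class SyscallMonitor:
    def __init__(self, rules):
        # Anchoring at the end makes a rule fire exactly when its last syscall arrives.
        self.rules = [(r, re.compile(r"(?:^| )" + r.pattern + r"$")) for r in rules]
        self.history, self.log = [], []

    def observe(self, name):
        """Record one intercepted syscall; return "kill" when a kill rule completes."""
        self.history.append(name)
        seq = " ".join(self.history)
        for rule, rx in self.rules:
            if rx.search(seq):
                self.log.append(f"{rule.name}: matched at syscall #{len(self.history)} ({name})")
                if rule.action == "kill":
                    return "kill"
        return None

def run_trace(trace, rules=RULES):
    """Replay a trace line by line; return (line number of the kill decision or None, log)."""
    mon = SyscallMonitor(rules)
    for lineno, line in enumerate(trace.splitlines(), 1):
        m = re.match(r"([a-z0-9_]+)\(", line)  # syscall name at the start of an strace line
        if not m:
            continue  # signal and exit lines carry no syscall name
        if mon.observe(m.group(1)) == "kill":
            return lineno, mon.log  # wIDSard would kill the process at this point
    return None, mon.log
```

The log-only rule fires on the connect line and is recorded; the kill rule fires on the write line, which is where a real monitor would stop the process.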
Released version 0.12
If you have comments or questions about wIDSard, feel free to contact stefano.frassi[AT]iit.cnr.it
Related files:
- Example of rules file 2
- Example of rules file 3
- wIDSard language (Italian)