wIDSard is a host-based Intrusion Detection System for the i386 Linux platform.

It intercepts, at user level, the system calls specified in a configuration file written by the user. Syscall interception is based on the strace source code. A finite-state automaton is used to trace the monitored process, and the language of the configuration file is based on regular expressions.

If a particular sequence of system calls is intercepted, an appropriate action can be executed (kill the process, log the event, ...).
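
As an added illustration of the rule-matching idea described above (example code written for this page, not wIDSard's own source or rule syntax): a small Python checker parses strace-style lines into a syscall sequence, compiles each rule's regular expression into an automaton, and reports the configured action when a sequence matches. The sample trace, the rule names, the rule syntax and the action names are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed strace-style trace of a hypothetical daemon (sample data, not wIDSard output).
SAMPLE_TRACE = """\
execve("/usr/sbin/ftpd", ["ftpd"], [/* 20 vars */]) = 0
open("/etc/passwd", O_RDONLY) = 3
read(3, "root:x:0:0:root:/root:/bin/bash\\n"..., 4096) = 1024
close(3) = 0
setuid(0) = 0
execve("/bin/sh", ["sh"], [/* 20 vars */]) = 0
"""

# One strace-style line: name(args) = return value
LINE_RE = re.compile(r'^(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\w+)')


@dataclass
class Rule:
    name: str
    pattern: str   # regex over the ';'-separated event sequence (hypothetical rule syntax)
    action: str    # 'log' or 'kill' (hypothetical action names)

    def __post_init__(self):
        # The compiled regex is the finite automaton that walks the syscall sequence.
        self.automaton = re.compile(self.pattern)


def parse_trace(text):
    """Turn strace-style lines into (name, args, ret) tuples; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m['name'], m['args'], m['ret']))
    return events


def render(events):
    """Serialise the sequence as one 'name(args);' cell per event so a regex can match across calls.
    A ';' inside an argument would split a cell, so it is replaced before rendering."""
    return ''.join(f'{name}({args.replace(";", ",")});' for name, args, _ in events)


def evaluate(events, rules):
    """Return (rule name, action) for every rule whose automaton accepts the event sequence."""
    seq = render(events)
    return [(r.name, r.action) for r in rules if r.automaton.search(seq)]


# Hypothetical rules. ANY stands for zero or more intervening system calls of any kind.
ANY = r'(?:[^;]*;)*'
RULES = [
    Rule('passwd-read', r'open\("/etc/passwd"[^;]*;', 'log'),
    Rule('setuid-then-shell', r'setuid\(0\);' + ANY + r'execve\("/bin/sh"', 'kill'),
]

if __name__ == '__main__':
    for name, action in evaluate(parse_trace(SAMPLE_TRACE), RULES):
        print(f'rule {name} matched -> action {action}')
```

The second rule is the interesting one: it fires only on the order setuid(0) followed (possibly after other calls) by execve("/bin/sh"), not on either call alone, which is what a sequence-based rule buys over a per-syscall filter. This example runs over a recorded trace; a live monitor in the style of wIDSard feeds each intercepted call into the automaton as it happens and can act before the process continues.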

Requirements:

  • Linux Kernel >= 2.2.x
  • no Kernel modification is required (only the Kernel source is needed to compile)
  • a fairly good knowledge of Linux system calls, in order to write a configuration file

Released version 0.12

If you have any comments or questions about wIDSard, feel free to contact stefano.frassi[AT]iit.cnr.it

 
