Poor Man's IDS is a couple of scripts that check certain files on your host (any you like) for changes in content, ownership, and mode. Instead of mailing only when something is wrong (like other IDSs), this lean IDS sends you a daily (or weekly or hourly, depending on how you set up your cron job) security audit containing details of what it found (if anything).
Tags: Security Monitoring Systems Administration
Release Notes: A GPG bug and the grabbing of MD5 signatures from the Web site have been fixed. The default email address for reports is now 'root'.
Release Notes: This release adds kernel command-line checking, listing of remote logins, remote root login detection, listing of loaded modules, and cryptographic signatures of the file database.
Release Notes: This release has remote login checking, crash detection, and a better list of files.
Release Notes: This release adds a new self-check portion and a new ability to pull signatures from a remote location (the default is the author's Web site, and you must have wget for this feature to work).
Release Notes: Most configuration was moved into a central file. A problem with mode change checking was fixed.