SID-IDS is a PTY host intrusion detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes) and takes appropriate action upon unexpected log entries.
Tags: Security, Monitoring, Terminals
Operating Systems: POSIX, Solaris, Linux
Release Notes: The user part now supports privilege separation. A fix to the Linux 2.6 kernel part makes sure multi-character input in the read buffer is handled correctly.
Release Notes: This release adds packaging support for Debian systems with 2.6 kernels. A binary Debian SID kernel package for 2.6 kernels is also included (though it will probably only work with kernel version 2.6.8-1-386 #1).
Release Notes: This release adds first-time x86 Linux 2.6 kernel support. It also includes a minor bugfix in the user part for segfaults in the SHA-1 passphrase creation mode.
Release Notes: An option to syntax-check a configuration file has been added to the user part. A HUP signal sent to the (user) daemon reloads the configuration or loads a new configuration. As for bugfixes, child processes left over from automated actions are now collected by the parent, and some code cleanup was applied to the user tree to remove remainders of the original 'allowed commands' feature. There were no changes to the kernel parts (neither Solaris nor Linux 2.4).
Release Notes: The user part shouldn't crash anymore when executing automated actions upon intrusions. The '-s' command line flag should now work as advertised in the usage.