Cheesewire is a modular intrusion detection system for Unix and Unix-like
operating systems, developed initially for Solaris and Linux systems. As of
2006 Aug 22 there exist loadable modules which:
- monitor the inode, MD5 checksum and other attributes of files
  and report on any changes found (cf. Tripwire); two frequencies of
  checks may be specified: one (smaller) set of files/directories
  is checked often and the second (larger) set less often;
- monitor all network connections and compare them against configured
  signatures, looking for the unexpected;
- monitor all (usually) root-owned processes, comparing them against
  configured signatures, which include all files (and soon network
  connections) opened by these processes, looking for the unexpected;
- monitor given directories for open files;
- monitor system log files for tampering (deletion of entries).
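The two-frequency file check in the first item can be sketched as follows. This is an added example, not Cheesewire's own code; `snapshot`, `TieredMonitor`, the intervals and the file names are hypothetical, and the sample files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(path):
    """Attributes compared on each check: inode, MD5 and basic metadata."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        # MD5 because the page names it; hashlib.sha256 is a drop-in replacement.
        digest = hashlib.md5(fh.read()).hexdigest()
    return {"inode": st.st_ino, "md5": digest, "size": st.st_size,
            "mode": st.st_mode, "uid": st.st_uid, "gid": st.st_gid}

class TieredMonitor:
    """Hypothetical helper: two path sets, each re-checked on its own interval."""
    def __init__(self, frequent, infrequent, fast_interval, slow_interval):
        self.tiers = [{"paths": list(frequent), "every": fast_interval, "due": fast_interval},
                      {"paths": list(infrequent), "every": slow_interval, "due": slow_interval}]
        self.baseline = {p: snapshot(p) for t in self.tiers for p in t["paths"]}

    def poll(self, now):
        """now = seconds since the baseline; returns (path, attribute, old, new) tuples."""
        changes = []
        for tier in self.tiers:
            if now < tier["due"]:
                continue  # this set is not due yet
            tier["due"] = now + tier["every"]
            for path in tier["paths"]:
                old = self.baseline[path]
                try:
                    new = snapshot(path)
                except FileNotFoundError:
                    changes.append((path, "deleted", old["inode"], None))
                    continue
                changes += [(path, k, old[k], new[k]) for k in old if old[k] != new[k]]
        return changes

def demo():
    """Constructed sample: modify one file in each set, then poll at two times."""
    with tempfile.TemporaryDirectory() as d:
        hot, cold = Path(d, "passwd"), Path(d, "libfoo.so")
        for p in (hot, cold):
            p.write_text("original\n")
        mon = TieredMonitor([hot], [cold], fast_interval=60, slow_interval=3600)
        for p in (hot, cold):
            p.write_text("tampered!\n")
        early = mon.poll(now=60)          # only the frequently checked set is due
        return early, mon.poll(now=3600)  # both sets are due
```

A change to a file in the larger set stays unreported until the slower interval elapses, which is the detection-latency cost of checking that set less often.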
Cheesewire is free, open-source software; it is released under the GPL.
Download from here.
- Loadable Modules
- Support Modules
- Wrapper Modules
- Logs, Warnings and the Log Module
About this document:
Produced from the SGML: /home/isd/public_html/_cheesewire/_reml_grp/index.reml
On: 4/9/2006 at 17:35:44
Options: reml2 -i noindex -l long -o html -p multiple