Contributed by jose on from the new-IDS dept.
fupids creates profiles for every user who does an execve() syscall on obsd systems. it isn't complete at the moment (see last section of this mail) but i just would see if there is an interest from the developers to include some code like this.The project is coming along and has some overlap with systrace , but it could be a neat way to learn about host based IDS implementations. If this is your thing, this may be worth checking out.
(Comments are closed)