Contributed by jose on from the new-IDS dept.
fupids creates profiles for every user who does an execve() syscall on obsd systems. it isn't complete at the moment (see last section of this mail) but i just would see if there is an interest from the developers to include some code like this.The project is coming along and has some overlap with systrace , but it could be a neat way to learn about host based IDS implementations. If this is your thing, this may be worth checking out.
(Comments are closed)
By Anonymous Coward () on
By brian () on
Comments
By Cr0N1C () on
Comments
By Anonymous Coward () on
really ? cool !
Do you think I have this in my kernel and then do a full rebuild of the system and not be flagged as an attacker ?
By sicon () on
By gwyllion () on
Comments
By sicon () on