A HIDS (host-based intrusion detection system) for verifying the integrity of a system.
Features
- checks the integrity of system files against a list of rules;
- checks the output of commands (iptables, ...);
- possibility to use RSA signatures to check the integrity of its database;
- alerts are written in the logs of the system;
- alerts can be sent via email to a list of users;
- alerts can be sent on IRC channels through the irker IRC client (which should be running as a daemon);
- verify files with Hashlookup, Pandora, MISP and YARA;
- possibility to export the database in a Bloom or a Cuckoo filter.
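
The rule-based file check in the first feature, sketched as an added example (this is not pyHIDS's own code): a baseline of SHA-256 digests is built for files matching a list of regex rules, then compared with the current state. The function names, the regex rule format and the sample tree are assumptions made for this illustration, and the baseline here is unsigned, whereas pyHIDS can protect its database with RSA.

```python
import hashlib
import os
import re
import tempfile

def sha256_file(path):
    # Reads the whole file at once; fine for the small constructed samples below.
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(root, rules):
    """Map relative path -> SHA-256 for files matching any rule (regex)."""
    patterns = [re.compile(r) for r in rules]
    db = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(p.search(rel) for p in patterns):
                db[rel] = sha256_file(full)
    return db

def check(root, rules, baseline):
    """Compare the current state with the baseline and return sorted alerts."""
    current = build_baseline(root, rules)
    alerts = [("deleted", p) for p in baseline if p not in current]
    alerts += [("added", p) for p in current if p not in baseline]
    alerts += [("modified", p) for p in baseline
               if p in current and current[p] != baseline[p]]
    return sorted(alerts)

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(data)

def demo():
    rules = [r"^etc/"]  # constructed rule: watch everything under etc/
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        write(root, "etc/passwd", "root:x:0:0\n")
        write(root, "etc/hosts", "127.0.0.1 localhost\n")
        write(root, "tmp/scratch", "v1\n")
        baseline = build_baseline(root, rules)
        write(root, "etc/passwd", "root:x:0:0\nextra:x:0:0\n")  # modified
        os.remove(os.path.join(root, "etc/hosts"))               # deleted
        write(root, "etc/rc.local", "#!/bin/sh\n")               # added
        write(root, "tmp/scratch", "v2\n")                       # outside the rules
        return baseline, check(root, rules, baseline)
```

Calling `demo()` returns the baseline and the list of alerts; the change under `tmp/` produces no alert because no rule covers it.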
pyHIDS is under GPLv3 license.
Homepage: https://github.com/cedricbonhomme/pyHIDS