TinyIDS: Distributed intrusion detection system
TinyIDS is a distributed Intrusion Detection System (IDS) for Unix systems.
It is based on a client/server architecture and has been developed with security in mind. The client, tinyids, collects information from the local system by running its collector backends. The collected information may include anything from file contents to file metadata or even the output of system commands.
The client passes all this data through a hashing algorithm, and a unique checksum (hash) is calculated. This hash is then sent to one or more TinyIDS servers (tinyidsd), where it is compared with the hash previously stored for this specific client in each server's database. Finally, a response indicating the result of the hash comparison is sent back to the client.
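The collect, hash and compare flow described above, as an added Python sketch that is not TinyIDS's own code. SHA-256, the collector's record format, the `HashServer` class and the `MATCH`/`MISMATCH`/`NO_BASELINE` responses are assumptions made for illustration, and the transport between client and server is left out.

```python
import hashlib
import hmac
import os
import tempfile

def collect_file(path):
    """Hypothetical collector backend: yield file metadata, then file contents."""
    st = os.stat(path)
    yield f"{path}|mode={st.st_mode:o}|size={st.st_size}\n".encode()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            yield chunk

def client_checksum(paths):
    """Client side: pass all collector output through one hash (SHA-256 assumed)."""
    digest = hashlib.sha256()
    for path in sorted(paths):  # fixed order so the same state gives the same hash
        for data in collect_file(path):
            digest.update(data)
    return digest.hexdigest()

class HashServer:
    """Server side (hypothetical): one stored hash per client, compared on check."""
    def __init__(self):
        self._stored = {}
    def store(self, client_id, checksum):
        self._stored[client_id] = checksum
    def check(self, client_id, checksum):
        known = self._stored.get(client_id)
        if known is None:
            return "NO_BASELINE"
        # Constant-time comparison of the two hex digests.
        return "MATCH" if hmac.compare_digest(known, checksum) else "MISMATCH"

def demo():
    """Constructed scenario: baseline one file, then modify it and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "sshd_config")  # constructed sample file
        with open(target, "w") as fh:
            fh.write("PermitRootLogin no\n")
        server = HashServer()
        first = server.check("host-a", client_checksum([target]))
        server.store("host-a", client_checksum([target]))
        clean = server.check("host-a", client_checksum([target]))
        with open(target, "w") as fh:
            fh.write("PermitRootLogin yes\n")
        changed = server.check("host-a", client_checksum([target]))
        return first, clean, changed
```

Because everything is reduced to one hash, a mismatch tells the operator that the monitored state changed but not which item changed.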
The remotely stored hash can be managed through the client's command line interface. Communication between the client and the server can be encrypted using RSA public key infrastructure (PKI).
TinyIDS is written in Python and is released as open-source software under the terms of the Apache License version 2.