IDS – Intrusion Detection Systems

An IDS is a system to track any changes not planned to a system. It is often used on sensitive machines where any unauthorized access is purely prohibited but can also act as a fool-proof system, more like a monitoring system.

It works by checksumming or understanding the format of each file, and scrutinizing any suspect change to files. It is off course meant to report any abnormal activity.

There are many, many such tools, with various capabilities, for UNIX systems.

LIDS is such a system for GNU/Linux which needs a kernel patch to work


Logcheck is a log analyser

Logsurfer same as above

fcheck which can be used to monitor changes to any given filesystem

The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools

Prelude Hybrid IDS is an innovative Hybrid Intrusion Detection system designed to be very modular, distributed, rock solid and fast

MIDAS is a cross platform Monitoring and NIDS server. The goal of this project is to build a robust and complete network/system monitoring suite that is capable of scaling to very large networks.

Tripwire can be used to monitor changes to any given set of files or directories

chkrootkit identifies whether the target computer is infected with a rootkit

This article was first written in October 2003 for
the BeezNest technical website (

Related Posts

NIDS – Network Intrusion Detection System

A NIDS is a Network Intrusion Detection System, a system to detect intrusions...

BeezNest fixes new Chamilo security flaws in 48h

Secunia gave the Chamilo Security team full details of three security flaws detected...