An IDS is a system to track any changes not planned to a system. It is often used on sensitive machines where any unauthorized access is purely prohibited but can also act as a fool-proof system, more like a monitoring system.
It works by checksumming or understanding the format of each file, and scrutinizing any suspect change to files. It is off course meant to report any abnormal activity.
There are many, many such tools, with various capabilities, for UNIX systems.
LIDS is such a system for GNU/Linux which needs a kernel patch to work
AIDE
Logcheck is a log analyser
Logsurfer same as above
fcheck which can be used to monitor changes to any given filesystem
The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools
Prelude Hybrid IDS is an innovative Hybrid Intrusion Detection system designed to be very modular, distributed, rock solid and fast
MIDAS is a cross platform Monitoring and NIDS server. The goal of this project is to build a robust and complete network/system monitoring suite that is capable of scaling to very large networks.
Tripwire can be used to monitor changes to any given set of files or directories
chkrootkit identifies whether the target computer is infected with a rootkit
This article was first written in October 2003 for the BeezNest technical website (http://glasnost.beeznest.org/articles/87)
