IDS – Intrusion Detection Systems

An IDS is a system to track any changes not planned to a system. It is often used on sensitive machines where any unauthorized access is purely prohibited but can also act as a fool-proof system, more like a monitoring system.

It works by checksumming or understanding the format of each file, and scrutinizing any suspect change to files. It is off course meant to report any abnormal activity.

There are many, many such tools, with various capabilities, for UNIX systems.

LIDS is such a system for GNU/Linux which needs a kernel patch to work


Logcheck is a log analyser

Logsurfer same as above

fcheck which can be used to monitor changes to any given filesystem

The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools

Prelude Hybrid IDS is an innovative Hybrid Intrusion Detection system designed to be very modular, distributed, rock solid and fast

MIDAS is a cross platform Monitoring and NIDS server. The goal of this project is to build a robust and complete network/system monitoring suite that is capable of scaling to very large networks.

Tripwire can be used to monitor changes to any given set of files or directories

chkrootkit identifies whether the target computer is infected with a rootkit

This article was first written in October 2003 for
the BeezNest technical website (
It's only fair to share...Share on Facebook
Tweet about this on Twitter
Share on LinkedIn
Share on Tumblr
Email this to someone

Leave a Reply

Your email address will not be published. Required fields are marked *