cedricbonhomme / pyHIDS

Licence: GPL-3.0 License
A HIDS (host-based intrusion detection system) for verifying the integrity of a system.

pyHIDS

Presentation

pyHIDS is a HIDS (host-based intrusion detection system) for verifying the integrity of a system. It uses an RSA signature to check the integrity of its database. Alerts are written in the logs of the system and can be sent via email to a list of users. You can define rules to specify files to be checked periodically.

It is recommended to use Python >= 3.3.

Features

  • checks the integrity of system's files with a list of rules;
  • checks the output of commands (iptables, ...);
  • uses an RSA signature to check the integrity of its database;
  • alerts are written in the logs of the system;
  • alerts can be sent via email to a list of users;
  • alerts can be sent on IRC channels through the irker IRC client (which should be running as a daemon);
  • alerts can be sent to a Bitmessage address.

Requirement

pyHIDS only requires the Pure-Python RSA implementation.

$ sudo pip install rsa

Configuration

The configuration is really easy. First get pyHIDS source code and copy the sample configuration file:

$ git clone https://github.com/cedricbonhomme/pyHIDS.git
$ cd pyHIDS/
$ cp ./conf.cfg-sample ./conf.cfg

Then edit the file conf.cfg:

[globals]
nb_bits = 752
[irc]
channel = irc://chat.freenode.net/#testpyHIDS
host = localhost
port = 6659
[email]
enabled = 0
mail_from = [email protected]
mail_to = you_address
smtp = SMTP_server
username = your_username
password = your_password
[bitmessage]
from = BM-2DCutnUZG16WiW3mdAm66jJUSCUv88xLgS
to = BM-Gtsm7PUabZecs3qTeXbNPmqx3xtHCSXF
enabled = 0
apiport = 8442
apiinterface = 127.0.0.1
apiusername = chelsea
apipassword = YourSuperPassw6rd-ChangeThIs-022w3eksssoQAWfasddswwWIU
[files]
file1 = /etc/crontab
file2 = /boot/grub/grub.cfg
file3 = /etc/shadow
file4 = /etc/networks
[rules]
rule1 = conf$ /etc
rule2 = list /etc/apt
rule3 = .* /bin
[commands]
iptables = /sbin/iptables -L

Description of the sections:

  • globals: size in bits of the RSA key pair generated by genKeys.py. The sample value of 752 bits is far below current recommendations; use at least 2048 bits (key generation with the pure-Python implementation is slower, but it is done once);
  • irc: configure notifications sent via IRC (the channel URL, and the host and port of the local irker daemon);
  • email: configure the email notifications. Set the value of "enabled" to 1 to activate notifications. The SMTP password is stored in clear text, so keep conf.cfg readable by its owner only (chmod 600);
  • bitmessage: configure notifications sent via Bitmessage. Set "enabled" to 1 to activate them; the API credentials are stored in clear text as well;
  • files: absolute paths of individual files to scan;
  • rules: one regular expression and one directory per rule ("<regex> <directory>"); the files of that directory matching the expression are scanned;
  • commands: commands whose output is hashed and compared between runs (for example the iptables rule set).
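The scan that these sections drive, written out as an added example (this is not pyHIDS's own code). It reads a configuration in the layout of the sample conf.cfg above, expands [files] and [rules] into a list of regular files, hashes them and the output of each [commands] entry, and diffs two snapshots. The function names, the use of SHA-256, the "MISSING"/"ERROR" sentinels and the constructed sample tree are this example's assumptions.

```python
"""Baseline-and-compare scan modelled on pyHIDS's [files], [rules] and
[commands] sections. Added example, not pyHIDS's own code: the config layout
follows the sample conf.cfg, but the function names, the use of SHA-256 and
the constructed sample tree are this example's assumptions."""
import configparser
import hashlib
import re
import shlex
import subprocess
import sys
import tempfile
from pathlib import Path


def load_config(text):
    # interpolation=None: command lines (iptables output rules) may contain '%'
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg


def section(cfg, name):
    """(key, value) pairs of a section, or nothing if the section is absent."""
    return cfg.items(name) if cfg.has_section(name) else []


def sha256_file(path):
    """Hash in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def targets(cfg):
    """Expand [files] and [rules] ("<regex> <directory>") into file paths.

    The regex is searched in the file name, so 'conf$' matches resolv.conf.
    Symlinks are skipped: hashing a link's target would hide a redirected link.
    Directory names containing spaces are not supported by this split.
    """
    paths = {Path(v) for _, v in section(cfg, "files")}
    for _, rule in section(cfg, "rules"):
        pattern, directory = rule.split(maxsplit=1)
        regex = re.compile(pattern)
        paths.update(p for p in Path(directory).iterdir()
                     if p.is_file() and not p.is_symlink() and regex.search(p.name))
    return sorted(paths)


def snapshot(cfg):
    """Hash every target file and the output of every [commands] entry."""
    snap = {}
    for path in targets(cfg):
        # An explicitly listed file that is absent must not vanish silently
        ok = path.is_file() and not path.is_symlink()
        snap[str(path)] = sha256_file(path) if ok else "MISSING"
    for name, cmdline in section(cfg, "commands"):
        try:
            result = subprocess.run(shlex.split(cmdline), capture_output=True,
                                    timeout=30, check=True)
            snap["cmd:" + name] = hashlib.sha256(result.stdout).hexdigest()
        except (OSError, subprocess.SubprocessError) as exc:
            # A check that fails to run must surface as a difference, not crash the scan
            snap["cmd:" + name] = "ERROR:" + type(exc).__name__
    return snap


def compare(baseline, current):
    """Produce alerts in the spirit of '[warning] <file> changed.'"""
    alerts = []
    for key in sorted(set(baseline) | set(current)):
        before, after = baseline.get(key), current.get(key, "MISSING")
        if before is None:
            alerts.append(f"{key} added.")
        elif after == "MISSING" and before != "MISSING":
            alerts.append(f"{key} deleted.")
        elif before != after:
            alerts.append(f"{key} changed.")
    return alerts


# Constructed configuration; the command stands in for '/sbin/iptables -L'
SAMPLE_CONF = """
[files]
file1 = {root}/crontab
[rules]
rule1 = conf$ {root}/etc
[commands]
iptables = {python} -c "print('ACCEPT all -- anywhere anywhere')"
"""


def demo():
    """Constructed tree: take a baseline, simulate an intrusion, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "crontab").write_text("0 * * * * root /usr/local/bin/backup\n")
        (root / "etc" / "resolv.conf").write_text("nameserver 192.0.2.1\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")  # not matched by conf$
        cfg = load_config(SAMPLE_CONF.format(root=root, python=sys.executable))
        baseline = snapshot(cfg)
        # Intrusion: DNS redirected, a new matching file dropped, a listed file removed
        (root / "etc" / "resolv.conf").write_text("nameserver 198.51.100.9\n")
        (root / "etc" / "sshd.conf").write_text("PermitRootLogin yes\n")
        (root / "crontab").unlink()
        return compare(baseline, snapshot(cfg))


if __name__ == "__main__":
    for alert in demo():
        print("[warning]", alert)
```

Two details worth copying into a real deployment: a listed file that has disappeared, or a command that fails to run, is recorded as a sentinel so it shows up as a difference instead of being skipped, and symlinks are not followed, since an attacker who replaces a configuration file with a link would otherwise be invisible to a hash of the link target.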

Example of use

$ ./genKeys.py
Generating 752 bits RSA keys ...
Dumping Keys
Done.

$ ./genBase.py
Generating database...
543 files in the database.

$ ./pyHIDS.py

Modify a character in the file /etc/httpd/conf/httpd.conf and relaunch the program:

$ ./pyHIDS.py
[01/03/13 15:05:31] [warning] /etc/httpd/conf/httpd.conf changed.

The program reports that the file has changed: a warning is written to the system log (/var/log/syslog) and, if email notifications are enabled, a mail is sent to the administrator. If no change is detected, only the log file is updated.

Keep in mind what the RSA signature does and does not protect. It lets pyHIDS detect a database that was edited by someone without the private key, which stops an attacker from simply updating the stored hash of the file they modified. If the key pair written by genKeys.py stays readable on the monitored host, an attacker with root access can regenerate the database and re-sign it, so keep the private key (and ideally a copy of the database) off the host or on read-only media, and treat the signature as a tamper indicator rather than a guarantee.
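The database-integrity check behind the "uses an RSA signature to check the integrity of its database" feature, shown as an added example rather than pyHIDS's own code. pyHIDS signs with an RSA key pair from the rsa package; to run with the standard library alone this example substitutes an HMAC-SHA256 tag, which changes the trust model (the key that verifies can also forge) but exercises the same sign-on-write, verify-before-use flow. It walks through a clean load, an attacker who edits a stored hash without the key, and an attacker who also holds the key. The file layout, names and sample entries are constructed.

```python
"""Signed baseline database: sign on write, verify before use, detect edits.

Added example, not pyHIDS's own code. pyHIDS signs its database with an RSA
key pair from the 'rsa' package (genKeys.py / genBase.py); this example uses
HMAC-SHA256 from the standard library instead so it runs with no third-party
dependency. The file layout, names and sample entries are constructed."""
import hashlib
import hmac
import json
import secrets
import tempfile
from pathlib import Path


class DatabaseTampered(Exception):
    """Raised when the stored signature does not match the stored entries."""


def canonical(entries):
    # Deterministic serialisation: the signature must cover content, not dict order
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def save_signed(entries, key, path):
    tag = hmac.new(key, canonical(entries), hashlib.sha256).hexdigest()
    Path(path).write_text(json.dumps({"entries": entries, "sig": tag}, sort_keys=True))


def load_verified(path, key):
    """Refuse to use a baseline whose signature does not check out.

    Comparing against an unverified baseline would let an attacker who edits
    /etc/shadow simply update its stored hash as well, and the HIDS would stay
    silent. compare_digest avoids leaking the tag through timing.
    """
    wrapper = json.loads(Path(path).read_text())
    entries = wrapper.get("entries", {})
    expected = hmac.new(key, canonical(entries), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(wrapper.get("sig", ""))):
        raise DatabaseTampered(str(path))
    return entries


def demo():
    """Three scenarios: clean load, edited entry, attacker who also holds the key."""
    # Constructed file contents standing in for the real files' bytes
    baseline = {
        "/etc/shadow": hashlib.sha256(b"root:$6$salt$constructedhash:19000:0:99999:7:::\n").hexdigest(),
        "/etc/crontab": hashlib.sha256(b"0 * * * * root /usr/local/bin/backup\n").hexdigest(),
    }
    key = secrets.token_bytes(32)  # stands in for the RSA private key
    outcome = {}
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "base.json"
        save_signed(baseline, key, db)
        outcome["clean_load"] = load_verified(db, key) == baseline

        # Attacker without the key: rewrite the stored hash of /etc/shadow to
        # match a shadow file with the root password removed
        tampered = json.loads(db.read_text())
        tampered["entries"]["/etc/shadow"] = hashlib.sha256(b"root::0:0:99999:7:::\n").hexdigest()
        db.write_text(json.dumps(tampered))
        try:
            load_verified(db, key)
            outcome["edit_detected"] = False
        except DatabaseTampered:
            outcome["edit_detected"] = True

        # Attacker who can read the signing key: re-sign the edited baseline.
        # Verification succeeds and the edit goes unnoticed.
        save_signed(tampered["entries"], key, db)
        outcome["resign_detected"] = load_verified(db, key) == baseline
    return outcome


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The third scenario is the limit the signature has regardless of algorithm. With RSA as pyHIDS uses it, verification needs only the public key, so the private key can live off the monitored host and the re-signing attack requires compromising that second location; with the HMAC stand-in used here the verifying key is also the forging key and must be protected the same way. In both cases a signing key that is readable by the attacker turns the signature into decoration.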

Automatic execution

Use the time-based job scheduler, Cron, in order to schedule system scans. In your shell enter the command:

$ crontab -e

And add the following line, which runs a check twice an hour, at minutes 0 and 50 (in the minute field */50 fires whenever the minute is a multiple of 50, so it does not give a true fifty-minute period). Write the absolute path of your pyHIDS checkout in place of $pyHIDS_path, because cron runs jobs with a minimal environment:

*/50 * * * * cd $pyHIDS_path ; ./pyHIDS.py

Also monitor that the checks keep running: an attacker who gains root access can simply delete the cron line, after which no further log entries or notifications are produced. A check that stops reporting should itself be treated as an alert.

License

pyHIDS is under GPLv3 license.

Copyright (C) 2010-2018 Cédric Bonhomme
