Cheesewire

A modular intrusion detection system for Unix and Unix-like operating systems — developed initially for Solaris and Linux systems. As of 2006 Aug 22 there exist loadable modules which:

• monitor inode, MD5 checksum and other attributes of files and report on any changes found (cf. Tripwire) --- two frequencies of checks may be specified: one (smaller) set of files/directories is checked often and the second (larger) set less often;
  
  
• monitor all network connections and compare against configured signatures looking for the unexpected;
  
  
• monitor all (usually) root-owned processes, comparing against configured signatures — these include all files (and soon network connections) opened by these processes — looking for the unexpected;
  
  
• monitor given directories for open files;
  
  
• monitor system log files for tampering (deletion of entries).

Cheesewire is free, open-source software; it is released under the GPL. Download from here.

• Overview
• Installation, Configuration and Use
• Debug Modes and Configuration
• Daemon versus Cron
• Limitations
• Files Overview
• Version History
• To Do
• References
• Thanks

• Current Loadable Modules: Summary
• Cheesewire: Tripwire-Like Functionality
• Net Conns
• Open Files
• Procs
• Log Monitoring
• Planned Modules

• Sigs
• Template
• State

• Netstat
• Lsof

• Logs