GitHub - fcracker79/dite: An Intrusion Detection System for Linux kernel 2.4.0

fcracker79 / dite Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

An Intrusion Detection System for Linux kernel 2.4.0

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
.github/workflows		.github/workflows
devel		devel
man		man
.clang-format		.clang-format
.gitignore		.gitignore
Changes		Changes
GPL		GPL
INSTALL		INSTALL
Makefile		Makefile
QuickStart		QuickStart
README		README
TODO		TODO
algo.c		algo.c
algo.h		algo.h
client.c		client.c
client.h		client.h
cocito.conf		cocito.conf
common.c		common.c
common.h		common.h
comms.h		comms.h
dite.conf		dite.conf
files.c		files.c
files.h		files.h
kernel.c		kernel.c
kernel.h		kernel.h
net.c		net.c
net.h		net.h
parse.c		parse.c
parse.h		parse.h
rsa.c		rsa.c
rsa.h		rsa.h
server.c		server.c
server.h		server.h
ssl.c		ssl.c
ssl.h		ssl.h
tcp.c		tcp.c
tcp.h		tcp.h
time_queue.c		time_queue.c
time_queue.h		time_queue.h
udp.c		udp.c
udp.h		udp.h

Repository files navigation

Dite is a distributed intrusion detection system for
Linux 2.4.x based architectures.

It consists of two programs:

(1) Dite
    periodically gets the host system status (kernel & modules info,
    tcp/udp offered services, CRC for specified directory subtrees)
    and send it to Cocito, waiting for acknowledgement.

(2) Cocito
    receives host system status from Dite and compares it wih a previously
    stored one. On comparison error, it generates a
    syslog warning and replies to Dite with a negative acknowledgement.

Source code written in C. Comments in english.
Required libraries:
	* crypto
	* pthread
	* zlib

Please read manpages:

	nroff man/* -man | more      /* from the source root directory */