cross-posted from: https://lemmy.ml/post/7283249

A HIDS (host-based intrusion detection system) for verifying the integrity of a system.

Features

• checks the integrity of system’s files with a list of rules;
• checks the output of commands (iptables, …);
• possibity to use RSA to sign to check the integrity of its database;
• alerts are written in the logs of the system;
• alerts can be sent via email to a list of users;
• alerts can be sent on IRC channels through the irker IRC client (which should be running as a daemon);
• verify files with Hashlookup, Pandora, MISP and YARA;
• possibility to export the database in a Bloom or a Cuckoo filter.

pyHIDS is under GPLv3 license.

Homepage: https://github.com/cedricbonhomme/pyHIDS