A HIDS written in Python - eviltoast

A HIDS (host-based intrusion detection system) for verifying the integrity of a system.

Features

  • checks the integrity of system’s files with a list of rules;
  • checks the output of commands (iptables, …);
  • possibity to use RSA to sign to check the integrity of its database;
  • alerts are written in the logs of the system;
  • alerts can be sent via email to a list of users;
  • alerts can be sent on IRC channels through the irker IRC client (which should be running as a daemon);
  • verify files with Hashlookup, Pandora, MISP and YARA;
  • possibility to export the database in a Bloom or a Cuckoo filter.

pyHIDS is under GPLv3 license.

Homepage: https://github.com/cedricbonhomme/pyHIDS