TinyIDS

Important Notice about the current Status of the Software and Documentation
TinyIDS should be considered alpha software. Although it's fully functional, it is not currently suitable for use in production. Also, all wiki content should be considered as work-in-progress.

Welcome to the development web site of TinyIDS.

TinyIDS is a distributed Intrusion Detection System (IDS) for Unix systems.

It is based on the client/server architecture and has been developed with security in mind. The client, tinyids, collects information from the local system by running its collector backends. The collected information may include anything, from file contents to file metadata or even the output of system commands. The client passes all this data through a hashing algorithm and a unique checksum (hash) is calculated. This hash is then sent to one or more TinyIDS servers (tinyidsd), where it is compared with a hash that had previously been stored in the databases of those remote servers for this specific client. A response indicating the result of the hash comparison is finally sent back to the client. Management of the remotely stored hash is possible through the client's command line interface. Communication between the client and the server can be encrypted using RSA public key infrastructure (PKI).
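The flow described above as a minimal in-process sketch. This is an added example, not TinyIDS code or its wire protocol; SHA-256, the backend functions, the `Server` class and the `MATCH`/`MISMATCH`/`UNKNOWN` responses are assumptions made for illustration.

```python
import hashlib
import hmac

def file_metadata_backend(entries):
    # Hypothetical collector backend: one record per (path, mode, size).
    for path, mode, size in sorted(entries):
        yield f"{path}|{mode:o}|{size}".encode()

def command_output_backend(output):
    # Hypothetical collector backend: captured output of a system command.
    yield output.encode()

def client_checksum(backends):
    # All backend records go through a single hash. Each record is
    # length-prefixed so moving bytes between records changes the digest.
    h = hashlib.sha256()  # assumption: the page does not name the algorithm
    for name, records in backends:
        for rec in records:
            h.update(name.encode() + b"\0" + len(rec).to_bytes(8, "big") + rec)
    return h.hexdigest()

class Server:
    # Stand-in for a tinyidsd instance: one stored hash per client.
    def __init__(self):
        self.db = {}

    def store(self, client_id, digest):
        self.db[client_id] = digest

    def check(self, client_id, digest):
        stored = self.db.get(client_id)
        if stored is None:
            return "UNKNOWN"
        return "MATCH" if hmac.compare_digest(stored, digest) else "MISMATCH"

def snapshot(passwd_mode):
    # Constructed sample system state, not real collector output.
    files = [("/etc/passwd", passwd_mode, 1873), ("/etc/shadow", 0o640, 1204)]
    return client_checksum([
        ("files", file_metadata_backend(files)),
        ("listeners", command_output_backend("tcp 0.0.0.0:22 LISTEN\n")),
    ])

def check_all(servers, client_id, digest):
    # The client sends the same hash to every configured server.
    return [s.check(client_id, digest) for s in servers]
```

With the same baseline stored on two servers, a changed file mode yields `MISMATCH` from both, and overwriting the stored hash on only one server makes the two responses disagree.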

TinyIDS is written in Python and is released as open-source software under the terms of the Apache license version 2.

Goals

The TinyIDS Project is committed to providing an intrusion detection solution which is:

  • distributed to several systems, which makes it very credible,
  • lightweight,
  • accurate in determining whether a system has changed or not,
  • secure when sensitive data is exchanged across the network,
  • easy to configure and deploy,
  • extensible.

Features

  • Client/Server architecture - Information is distributed among several systems, which dramatically increases the credibility of TinyIDS.
  • TinyIDS Protocol - The server and client communicate using a documented protocol. This makes it possible to develop custom clients.
  • Many internal collector backends - The TinyIDS distribution ships with several collector backends.
  • Supports custom backends - It is very easy to develop custom collector backends.
  • Encrypted Client-Server Communication - Secure data exchange between the client and server using public key infrastructure (PKI).
  • Interface for management of the remotely stored information - Management of the remotely stored hash using the TinyIDS client's command line interface.
  • Open-source - TinyIDS is released under the terms of the Apache License version 2.

Starting Points