OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Reproducible: Always
That looks interesting, though complex task. I'll try to give it a stab in a couple of days.
It is referenced here https://github.com/ossec/ossec-hids/issues/978 as well, though upstream devs have no access to Gentoo.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fcab634ffa351e9821d8ae2539aef280f751a25

commit 9fcab634ffa351e9821d8ae2539aef280f751a25
Author: Ralph Seichter <github@seichter.de>
AuthorDate: 2018-10-20 19:30:21 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-10-30 10:27:49 +0000

net-analyzer/ossec-hids: open source HIDS (new package)

OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution.

Signed-off-by: Ralph Seichter <gentoo@seichter.de>
Closes: https://bugs.gentoo.org/545788
Package-Manager: Portage-2.3.49, Repoman-2.3.11
Closes: https://github.com/gentoo/gentoo/pull/10189
Signed-off-by: Michał Górny <mgorny@gentoo.org>

net-analyzer/ossec-hids/Manifest                | 1 +
net-analyzer/ossec-hids/files/makefile.patch    | 28 ++++++++++
net-analyzer/ossec-hids/metadata.xml            | 30 +++++++++++
net-analyzer/ossec-hids/ossec-hids-3.1.0.ebuild | 68 +++++++++++++++++++++++++
4 files changed, 127 insertions(+)