Host-based IDS - Course Project
1 PROJECT OVERVIEW
The main objective of this course project is to apply the theoretical knowledge learned in class on intrusion detection systems and cryptography towards developing a practical system. Your task is to create a host-based intrusion detection application in shell script. The purpose of the application is to help an administrator monitor the file systems on a computer and detect changes to files, i.e., to detect possible intrusions. The application has the following two parts.
1. creation of a list (usually a text file) of file names and their attributes, and
2. stepwise testing of all the files included in the list.
For your reference, one of the widely used commercial host-based IDS products is Tripwire [5]. An open source version of Tripwire is also available on GitHub [3]. A number of similar applications also exist, for example the GNU-licensed software AIDE (Advanced Intrusion Detection Environment) [1]. Other file integrity tools can also be found on the Internet, e.g., FCheck [2] and sXid [4].
2 TERMINOLOGIES
A verification file is a text file containing a list of names of files and directories and their properties. This file is the output generated by your application. The verification file has to be generated before checking for possible intrusions. During verification, the entries of the verification file are compared to the actual file system. If an entry matches the current properties of a file or directory in the file system, verification of that file/directory has succeeded. The properties describe different kinds of files and links, for example regular files, symbolic links, or directories.
3 REQUIREMENTS
The application must be written as a shell script that runs in the shell. Other scripting languages (Perl, Ruby, etc.) or programming languages (C, C++, Java, etc.) are not accepted.
DATA COLLECTION
You must create a directory containing a number of files and directories. Several pieces of information about files and directories (e.g., file type, access control, word count, owner, last date of modification, etc.) are to be collected by your script. The collected information should be stored in a text file which is later used by the script to verify the files, directories, etc., included in the output file.
Checksums, e.g., MD5 and SHA-1, should be calculated for all regular files. The following information should be collected about all regular files, directory files and symbolic links:
• full path and file name
• file type, one of the appropriate strings: regular file, directory, symlink
• access mode, in text format (e.g. -rwxr--r--)
• owner id and group id
• time of last modification and last file status change
Your script may change the modification time of files and directories during execution. This is not acceptable and is one of the challenges that your script will have to manage.
COMMAND LINE OPTIONS
The application must support at least the following command line options:
Options     Meaning
-c name     Create a verification file called 'name' and display the message "File created"
-o name     Display the results on the screen and also save the output to an output file
ALLOWED TOOLS
It is allowed to use the Bourne shell and the standard tools included in Ubuntu. The following commands/programs are examples, and recommendations, of such programs:
• access, awk, chflags, echo, file, less, ls, md5, more, printf, sed, sort, touch, wc
• Manual pages are available for all of these programs. Use the man program to access them (read man's own manual if you have not used it before: type man man).
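The following script is an added example of how the two parts described above (creating the verification file, then verifying the tree against it) fit together; it is not the course's reference solution. It assumes GNU coreutils as shipped with Ubuntu (stat, find, awk, and md5sum/sha1sum as the checksum tools), collects exactly the attributes listed under DATA COLLECTION using only read operations so that no mtime or ctime is disturbed, and extends the -c/-o options with an extra directory argument for the monitored tree.

```shell
#!/bin/sh
# Added example (not the course's reference solution). Assumes GNU coreutils as on Ubuntu.

# Record one '|'-separated entry for a path: name, type, mode, uid, gid, mtime, ctime, md5, sha1.
# stat reads metadata and the checksum tools only read content, so mtime/ctime stay untouched.
record_entry() {
    f=$1
    if [ -L "$f" ]; then ftype=symlink; elif [ -d "$f" ]; then ftype=directory; else ftype=regular; fi
    meta=$(stat -c '%A|%u|%g|%Y|%Z' "$f")   # no -L: a symlink is described as the link itself
    if [ "$ftype" = regular ]; then
        md5=$(md5sum "$f" | cut -d' ' -f1); sha1=$(sha1sum "$f" | cut -d' ' -f1)
    else
        md5=-; sha1=-                        # checksums only apply to regular files
    fi
    printf '%s|%s|%s|%s|%s\n' "$f" "$ftype" "$meta" "$md5" "$sha1"
}

# Snapshot a whole tree, sorted by path, into the file named by $2.
snapshot() {
    find "$1" -print | sort | while read -r f; do record_entry "$f"; done > "$2"
}

# -c: create the verification file. Keep it outside the monitored tree, or it shows up as changed.
create_verification() {   # $1 = root dir, $2 = verification file
    snapshot "$1" "$2" && echo "File created"
}

# -o: compare the current tree with the verification file; exit status 1 if anything differs.
verify() {                # $1 = root dir, $2 = verification file
    tmp=$(mktemp)
    snapshot "$1" "$tmp"
    # awk keys both snapshots by path (paths themselves must not contain '|')
    report=$(awk -F'|' 'NR==FNR { base[$1]=$0; next }
        !($1 in base) { print "NEW: " $1; next }
        base[$1] != $0 { print "CHANGED: " $1 }
        { delete base[$1] }
        END { for (p in base) print "MISSING: " p }' "$2" "$tmp")
    rm -f "$tmp"
    if [ -n "$report" ]; then echo "$report"; return 1; fi
    echo "Verification succeeded"
}

# Command line handling; the directory and verification-file arguments are this example's addition.
case "$1" in
    -c) create_verification "${3:-.}" "$2" ;;          # ids.sh -c name [dir]
    -o) verify "${4:-.}" "$3" | tee "$2" ;;            # ids.sh -o name verification_file [dir]
esac
```

A CHANGED line means any recorded attribute or checksum of that path differs from the baseline; a directory whose contents were added or removed also shows as CHANGED because its own mtime moved.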
4 REPORT
The report should include a cover page (with submission details, name, id, date, course code etc.), an introduction, explanation of different modules of the program, findings, and a summary (length of the report should be within 5 pages, not counting the cover page and appendix).