IDSA is part of my research project. I am investigating how 
a log or audit system can be extended into a reference monitor
and IDS.

Officially, IDSA is a stateful, extensible and voluntary
userland reference monitor with logging and extended response
capabilities.

But you can think of it as a syslogd with attitude, or maybe
an application firewall. See doc/BLURB for some of its 
features.

To install, read doc/INSTALL. You need to run Linux >= 2.2.x.

Installation instructions for the impatient:

  ./configure ; make install

IDSA is released under the GNU GPL, except for the library
component which is released under the LGPL. See doc/GPL
and doc/LGPL.

IDSA has just emerged from a partial rewrite and is barely
alpha software. It has not been audited. See doc/WARNING
before trusting it.

IDSA is far from complete. If you would like to help,
look at doc/TODO.

There is an IDSA mailing list. To subscribe, send
a message to idsa-list@jade.cs.uct.ac.za with the word
subscribe in the subject. The homepage of IDSA is
http://jade.cs.uct.ac.za/idsa/

Marc
marc@jade.cs.uct.ac.za 
Cape Town, July 2000
