Common Security Checking Tool


The goal of this project is to develop a new, robust (not shell-script-based) security checking tool to monitor Debian systems for intrusion attempts: in essence, an intrusion detection tool. Once developed, this tool would replace the tool currently installed by default by Debian (Checksecurity), which is somewhat limited and fragile.

This tool should be based on the experience derived from existing tools, including Checksecurity and Tiger, which are already available in Debian. The developer should also review what other projects provide as their stock security check tool.

This tool should:

Note that "security checks" are anything that affects availability, confidentiality and integrity. That is, this tool should not focus on being only a host-based intrusion detection (HIDS) tool.

Optionally, an integration layer should be implemented to make it possible to send and acknowledge security alerts in currently available open-source information management systems such as Prelude (through libprelude) and Ossim.

This tool would eventually replace checksecurity and would be installed as part of the standard operating system, so it should be able to work on very simple systems (i.e. just standard packages), even if some functionality is only "activated" when additional libraries are installed.