Erlang Distributed Intrusion Detection System

edids is released under the GNU GPL v3.0, see COPYING

Contact me via Tickets for alternate licensing arrangements (likely fee-based).

What it does - edids monitors attempts to compromise *nix systems and, depending on the source IP of the attempt, will block the IP. If configured on multiple different servers, edids will send notifications to its 'buddies' of IPs from which a compromise attempt was made, and each server can block the IP or not. There is granularity as to which buddy gets sent what (e.g. a spam IP might only get sent to other mail_buddies, not all buddies).

Currently edids monitors local log files (and messages from buddy nodes). edids is designed so new modules can be integrated to receive information from other sources, for example, snort http://snort.org.

edids writes to an RSS 2.0 xml file and uses inets to provide the RSS feed on port 8888 by default to only "localhost" (configurable). Here is the feed for edids.org

A configuration file, edids.conf (see history) is used for customization on a per-node basis. See also future_directions, ssl and mmcdaniel.com .