(Please excuse my poor English)
Hi... I am a newbie for grsecurity.
I'm performing a project that builds stand-alone IPS(Intrusion Prevention System/Software) system using Suricata,
now.
For self protection of the IPS system, I'm planning to install MAC(Mandatory Access Control) and HIDS(Host-based
Intrusion Detection Software) at the IPS system. And I could know about grsecurity as a MAC, and I am astonished
that grsecurity has a lot of functions though not well known than SeLinux.
I am considering OSSEC as HIDS. HIDS is very needed for my IPS system. Because if a attacker attempts to modify
or replace system files/commands, the administrator of my IPS system should know it and should prevent it. OSSEC
has sophisticate HIDS functions for my purporse.
However recently I could realize that the functions for my purpose(reporting and preventing attempts to modify or
replace system files/commands) are accomplished very efficiently if MAC supports the functions. But SeLinux is
very very complex, so I could not find ways for my purpose.
I could see the simple introductions for grsecurity functions at the homepage, and could not find suitable functions
for my purpose.
How do you think about grsecurity embracing basic HIDS functions?
(if grsecurity has already implemented the functions, reporting and preventing attempts to modify or replace
system files/commands, please let me know where I can find related information)