The Poor Man's (or Woman's) Intrusion Detection System
  • Add comments to “dns” decision table.
  • “dns.decided” field should default to the last hit in “connections”.
  • Format table centered with the title.
  • Extend DNS mechanism to incorporate anonymous (no DNS) connections.
  • Daemonization mechanism to allow us to run as non-root.
  • C++CMS creates the socket as the original user:group (typically root:root), yet the PID file is written as the requested user:group. This means that permissions on the socket have to be handled outside of C++CMS, or it needs some patchery.
  • Tool to read JSON conf and supply values to “init” script.
  • Some list filtering tools in the WUI to target actions on specific subsets of DNS names.