#########################################################
Read Me file for IDS perl modules
#########################################################

There are three Perl programs, Host.pl, Intruder.pl and IDS.pl. They have to be started in a certain order, because socket connections are set up between them. First run Host.pl, which is the server. Then run IDS.pl and Intruder.pl in either order.

You need the MD5 digest module and the ECB crypt module installed before you can run the programs. They are used to create digests of the monitored files and to encrypt those digests so they can be stored securely. The programs are currently written to run on pikespeak.uccs.edu, because that was the only machine with the required Perl modules loaded. If you have the modules loaded on a different machine, change the host name in Host.pl and IDS.pl so they connect to the desired machine.

Host.pl

This is the server that Intruder.pl and IDS.pl connect to. Run it first; it waits for clients to connect. It responds to the read and update commands from the client and to the allclear and intrusion commands from the IDS.

  read      The host checks whether the named file exists. If it does, it writes a log entry with the file name and the client name.
  update    The host opens the named file, appends an extra line to it, and writes a log entry with the file name and the client name.
  allclear  The host writes an allclear entry to the log.
  intrusion The host writes a log entry saying an intrusion has occurred, together with the name of the modified file, and then shuts down so that no one can read the modified data.

Every log entry also carries a timestamp of when the event occurred.

Intruder.pl

This is the client program. Enter the open command to begin. It will ask which machine you want to connect to.
Type in the name of the machine Host.pl is running on (pikespeak, or any other machine on which you have started Host.pl). Once the connection is set up you can type either the read or the update command. Both ask for a file name.

IDS.pl

This program reads a configuration file that lists the files to be monitored. The supplied config file lists secure1.txt and secure2.txt. On startup it computes an MD5 hash of each file, encrypts the hash with AES via the ECB crypt module, and stores the result in a file called .hash.

The IDS then runs every 5 seconds. In each iteration it rehashes every monitored file, opens the .hash file, decrypts the stored hash and compares it with the recalculated one. If they match it moves on to the next file. When every file checks out at the end of an iteration, it sends an allclear message to the host. If any hash does not match, it sends an intrusion message to the host and displays the name of the modified file and the time of the incident.

Two caveats for anyone building on this: MD5 is no longer collision resistant, so a stronger hash (SHA-256) should replace it, and encrypting the stored digests does not by itself stop someone who can edit .hash from replacing it with digests of the modified files; a keyed MAC or signature over the stored digests, with the key kept off the monitored machine, is the usual fix.

Feel free to copy these files and modify them. There are a lot of enhancements that can be added as part of future semester projects.
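The command handling of Host.pl (read, update, allclear, intrusion, with a timestamped log and shutdown on intrusion) and the check loop of IDS.pl (hash the configured files, compare against the stored baseline, report to the host) are modelled together below in Python as an added example. It is not the project's Perl code, which is not reproduced here. Assumptions: the Host class, the ids_iteration and write_baseline functions, the BASELINE_KEY value, the reply strings and the JSON layout of the .hash file are all hypothetical. In place of the AES-encrypted digests, the example stores an HMAC-SHA256 over the digest table so that an edited .hash is detected, and it rejects file names containing path separators; neither of those is described in the readme. The files secure1.txt and secure2.txt are constructed in a temporary directory.

```python
import hashlib
import hmac
import json
import os
import tempfile
import time

# Hypothetical key for this added example. IDS.pl encrypts the stored MD5 digests
# with AES; here a stdlib HMAC-SHA256 over the digest table makes .hash tamper-evident.
BASELINE_KEY = b"example-key-not-for-real-use"

class Host:
    """Model of Host.pl's command handling: read, update, allclear, intrusion."""
    def __init__(self, root):
        self.root = root      # directory holding the served files
        self.log = []         # one timestamped dict per log entry
        self.running = True

    def _log(self, **entry):
        entry["time"] = time.strftime("%Y-%m-%d %H:%M:%S")
        self.log.append(entry)

    def handle(self, sender, line):
        """Process one command line from a client or the IDS and return the reply."""
        if not self.running:
            return "ERR host shut down after intrusion"
        cmd, _, arg = line.strip().partition(" ")
        cmd, arg = cmd.lower(), arg.strip()
        if cmd in ("read", "update"):
            if not arg or "/" in arg or os.sep in arg or arg in (".", ".."):
                return "ERR bad file name"   # added hardening: no ../ escapes
            path = os.path.join(self.root, arg)
            if not os.path.isfile(path):
                return "ERR no such file"
            if cmd == "update":
                with open(path, "a") as f:
                    f.write("extra line added by %s\n" % sender)
            self._log(event=cmd, file=arg, client=sender)
            return "OK"
        if cmd == "allclear":
            self._log(event="allclear", sender=sender)
            return "OK"
        if cmd == "intrusion":
            self._log(event="intrusion", file=arg, sender=sender)
            self.running = False      # nobody gets to read the modified data
            return "OK shutting down"
        return "ERR unknown command"

def md5_of_file(path):
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def write_baseline(files, hash_path, key=BASELINE_KEY):
    """Hash every monitored file and store the table plus its MAC (the .hash file)."""
    digests = {p: md5_of_file(p) for p in files}
    body = json.dumps(digests, sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    with open(hash_path, "w") as f:
        json.dump({"digests": digests, "mac": mac}, f)

def read_baseline(hash_path, key=BASELINE_KEY):
    """Load the digest table; raises ValueError if .hash itself was edited."""
    with open(hash_path) as f:
        stored = json.load(f)
    body = json.dumps(stored["digests"], sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, stored["mac"]):
        raise ValueError(".hash file has been tampered with")
    return stored["digests"]

def ids_iteration(files, hash_path, host, key=BASELINE_KEY):
    """One pass of the IDS loop: rehash each file, compare, report to the host."""
    baseline = read_baseline(hash_path, key)
    modified = [p for p in files
                if not os.path.isfile(p) or md5_of_file(p) != baseline.get(p)]
    if not modified:
        return "allclear", [], host.handle("ids", "allclear")
    replies = [host.handle("ids", "intrusion " + os.path.basename(p)) for p in modified]
    return "intrusion", [os.path.basename(p) for p in modified], replies[0]

def demo():
    """Constructed scenario: baseline, intruder updates secure2.txt, IDS detects it."""
    root = tempfile.mkdtemp()
    files = [os.path.join(root, n) for n in ("secure1.txt", "secure2.txt")]
    for p in files:
        with open(p, "w") as f:
            f.write("original contents of %s\n" % os.path.basename(p))
    hash_path = os.path.join(root, ".hash")
    write_baseline(files, hash_path)
    host = Host(root)
    first = ids_iteration(files, hash_path, host)[0]       # nothing changed yet
    host.handle("intruder", "read secure1.txt")
    host.handle("intruder", "update secure2.txt")          # appends a line
    verdict, modified, reply = ids_iteration(files, hash_path, host)
    return {"first": first, "verdict": verdict, "modified": modified, "reply": reply,
            "after_shutdown": host.handle("intruder", "read secure1.txt"),
            "events": [e["event"] for e in host.log]}
```

demo() walks the exchange once: the first IDS pass reports allclear, the intruder's update of secure2.txt appends a line, the next pass reports intrusion for secure2.txt, the host logs it and refuses the intruder's further read. If someone rewrites .hash without the key, read_baseline raises ValueError instead of silently accepting the new digests.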