Erlang Distributed Intrusion Detection System
The code is designed to run on one or more machines connected to the Internet. edids detects compromise attempts on the machine on which it is running. The default response is simply to block the offending IP (Internet Protocol) address. If other machines are running and configured as 'buddies', they can be notified of the bad actor IP via events or email. The notified buddy can then decide what response to take.
edids is configurable, and whitelists are possible (and advisable). edids is also extensible. For example, a new compromise check can be added, or a new response to a compromise.
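The flow described above (local detection, whitelist check, block, buddy notification, and the buddy's own decision), as an added Erlang sketch that is not edids source code. The module, function and message names and the `{Network, PrefixLength}` whitelist format are assumptions, and the actual firewall call is left out.

```erlang
%% Added sketch, not edids source: all names and formats here are assumptions.
-module(edids_sketch).
-export([handle_local/3, handle_buddy_notice/2, whitelisted/2, demo/0]).

%% Whitelist entries are {Network, PrefixLen} with IPv4 tuples (assumed format).
whitelisted(Ip, Whitelist) ->
    lists:any(fun({Net, Len}) -> in_cidr(Ip, Net, Len) end, Whitelist).

%% Compare the first Len bits of the address and the network.
in_cidr({A, B, C, D}, {N1, N2, N3, N4}, Len) when Len >= 0, Len =< 32 ->
    <<IpPrefix:Len, _/bitstring>> = <<A, B, C, D>>,
    <<NetPrefix:Len, _/bitstring>> = <<N1, N2, N3, N4>>,
    IpPrefix =:= NetPrefix;
in_cidr(_, _, _) ->
    false.

%% Local detection: never block a whitelisted address (this is what prevents
%% locking out your own admin hosts); otherwise block and notify every buddy.
handle_local(Ip, Whitelist, Buddies) ->
    case whitelisted(Ip, Whitelist) of
        true ->
            {ignored, Ip};
        false ->
            lists:foreach(fun(B) -> B ! {bad_actor, node(), Ip} end, Buddies),
            {blocked, Ip}
    end.

%% A buddy applies its own whitelist and chooses its own response.
handle_buddy_notice({bad_actor, _From, Ip}, Whitelist) ->
    case whitelisted(Ip, Whitelist) of
        true  -> {ignored, Ip};
        false -> {blocked, Ip}
    end.

%% Constructed sample data (documentation address ranges), run in one process.
demo() ->
    Whitelist = [{{192, 0, 2, 0}, 24}, {{127, 0, 0, 0}, 8}],
    {ignored, _} = handle_local({192, 0, 2, 17}, Whitelist, [self()]),
    {blocked, Bad} = handle_local({203, 0, 113, 9}, Whitelist, [self()]),
    Notice = receive {bad_actor, _, Bad} = M -> M after 0 -> timeout end,
    %% This buddy whitelists 203.0.113.0/24, so it declines to block.
    {ignored, Bad} = handle_buddy_notice(Notice, [{{203, 0, 113, 0}, 24}]),
    ok.
```

Compile with `c(edids_sketch).` in an Erlang shell and call `edids_sketch:demo().`, which returns `ok` when every decision matches.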
I discovered Erlang as a fluke, and started writing edids in 2005-ish to learn it, running edids for a few years on machines connected to the Internet on various subnets. Note that I am not affiliated with Ericsson or Erlang other than that Erlang got me interested in software creation again after a hiatus of numerous months. Erlang offered reliability without all the effort I had previously put forth.
I have not upgraded or compiled edids with contemporary Erlang (or other BEAM-based languages) for many years. It was written on and for GNU/Linux with no regard for Operating System portability. Some of my early work and testing resulted in one or more minor changes/additions to Erlang with regard to network and security by the marvelous folks at the original Ericsson Computer Science Laboratory/OTP (Open Telecom Platform). Some more interesting BEAM history is here.
Hopefully the code will be useful for someone to learn from and/or use in more contemporary anti-intrusion suites.
There are some obsolete URLs and information in some files so I am 'cleaning it up' a bit before I upload the files.
I think the GNU Affero Public License v3.0 or greater is a more apropos license for this code than simply the GNU Public License v3.0 or greater. Currently references to GNU Public License v3.0 are embedded in various files, so I will probably update that before I upload the source.