🛡️ HIDS Monitor for Raspberry Pi & OpenWrt
A lightweight Host-Based Intrusion Detection System (HIDS) built with Ruby + Sinatra for Raspberry Pi and OpenWrt. Monitors system logs for suspicious activity and sends real-time alerts via Telegram.
✅ Real-time Telegram notifications for SSH brute-force attacks
✅ Time window-based attack detection algorithm
✅ Monitors /var/log/auth.log for suspicious activity
✅ RESTful API for logging and alerts
✅ Works on Raspberry Pi and OpenWrt (future support)
✅ Planned: Attack visualization dashboard
sudo apt update && sudo apt install ruby-full
gem install bundler sinatra telegram-bot-ruby
git clone https://github.com/v3rb4/hids-monitor.git
cd hids-monitor
- Message @BotFather on Telegram
- Use the /newbot command
- Save the provided token
- Send a message to your bot
- Visit: https://api.telegram.org/bot<YourBOTToken>/getUpdates
- Find your chat_id in the response

Edit server.rb:
TELEGRAM_BOT_TOKEN = 'YOUR_BOT_TOKEN'
TELEGRAM_CHAT_ID = 'YOUR_CHAT_ID'
ruby server.rb
➡ Open in browser: http://localhost:4567
ruby log_monitor.rb
🚨 HIDS Alert!
Brute-force attack detected!
IP: 192.168.1.100
Attempts: 5 in last 5 minutes
Setting | Default | Description |
---|---|---|
ALERT_THRESHOLD | 5 | Failed attempts before alert |
TIME_WINDOW | 300 | Time window in seconds |
LOG_FILE | /var/log/auth.log | Log file path |
TELEGRAM_BOT_TOKEN | nil | Telegram bot token |
TELEGRAM_CHAT_ID | nil | Telegram chat ID |
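
How ALERT_THRESHOLD and TIME_WINDOW can combine into a time-window check, as an added example that is not the project's own code. The class name, the regex, and the `year:` parameter are assumptions; the sample lines are constructed from the test line shown in this README.

```ruby
# Defaults from the settings table above.
ALERT_THRESHOLD = 5
TIME_WINDOW = 300 # seconds

# Assumed sshd line shape, based on the README's test line. The greedy ".+" makes
# the LAST "from <ip> port <n> ssh2" win, so a username such as
# "x from 10.0.0.1 port 1" cannot plant a fake source address in the match.
FAILED_RE = /\A(\w{3})\s+(\d+) (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: Failed password for .+ from (\S+) port \d+ ssh2\s*\z/

# Hypothetical class: per-IP sliding window of failed-login timestamps.
class BruteForceDetector
  def initialize(threshold: ALERT_THRESHOLD, window: TIME_WINDOW)
    @threshold = threshold
    @window = window
    @hits = Hash.new { |h, ip| h[ip] = [] }
  end

  # Returns an alert hash when an IP reaches the threshold inside the window, else nil.
  # Syslog timestamps carry no year, so the caller supplies one (assumption).
  def feed(line, year: 2025)
    m = FAILED_RE.match(line)
    return nil unless m
    now = Time.utc(year, m[1], m[2].to_i, m[3].to_i, m[4].to_i, m[5].to_i)
    hits = @hits[m[6]]
    hits << now
    hits.reject! { |t| now - t > @window } # drop attempts older than the window
    return nil if hits.size < @threshold
    alert = { ip: m[6], attempts: hits.size, window: @window }
    hits.clear # start a fresh window so one burst yields one alert
    alert
  end
end

# Run a detector over an array of lines and collect the alerts.
def scan(lines, **opts)
  detector = BruteForceDetector.new(**opts)
  lines.map { |l| detector.feed(l) }.compact
end

# Constructed sample: five failures from one address, one minute apart.
SAMPLE_LOG = (0..4).map do |i|
  "Feb 03 14:2#{i}:10 raspberrypi sshd[3245]: Failed password for root from 192.168.1.50 port 54567 ssh2"
end

p scan(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

Clearing the window after an alert is a design choice made for this example; a sustained attack then produces one alert per five attempts instead of one per attempt.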
sudo systemctl status rsyslog
sudo grep "auth" /etc/rsyslog.conf
echo "Feb 03 14:22:10 raspberrypi sshd[3245]: Failed password for root from 192.168.1.50 port 54567 ssh2" | sudo tee -a /var/log/auth.log
curl -X POST "https://api.telegram.org/bot<YourBOTToken>/sendMessage" -d "chat_id=<YourChatID>&text=Test"
✅ Advanced attack detection algorithms
✅ Web dashboard with attack statistics
✅ AbuseIPDB integration
✅ OpenWrt compatibility
✅ False positive reduction
✅ Attack database
✅ IP whitelist system
Released under the Creative Commons Zero (CC0) License – free to use and modify.