Host-based Intrusion Detection System for Linux Containers*
To use rhids, please make sure you have strace-docker installed. rhids depends on strace-docker for collecting system calls from running containers.
git clone https://github.com/amrabed/rhids && sudo ./rhids/install
sudo su
rhids -h
docker run -it --rm --name rhids -v /var/log/strace-docker:/var/log/strace-docker amrabed/rhids
* Implemented as part of my Ph.D. dissertation research. See this paper for more details