
I know this is kind of an odd question. An IDS/IPS basically autonomously recognizes and optionally prevents intrusions.

And while SELinux and AppArmor seem to be trying to do the same, they are never labelled as IDS/IPS. Am I missing something? This is a purely academic question.

Would such a tool be considered a host-based IDS/IPS?


1 Answer


Yes, LSM tools could be considered Kernel-based HIDS/HIPS.

Note that IDS (intrusion detection) and IPS (intrusion prevention) are not the same thing. Intrusion detection is typically more like a traditional virus scanner: it's going to scan for known bad patterns and alert you, but typically doesn't have the ability to prevent applications from taking certain actions.

AppArmor and SELinux proactively protect the OS and monitored applications from threats by enforcing good behavior and preventing some unknown attacks. These can both be considered a form of host-based Intrusion Prevention, though you'll need to configure them properly.

AppArmor security policies completely define what system resources individual applications can access and with what privileges.

If you're running a system with AppArmor, you can look in /etc/apparmor.d/ for a list of the default profiles... You'll notice that most apps you have aren't actually covered.

An IDS/IPS basically autonomously recognizes and optionally prevents intrusions.

Both SELinux and AppArmor are more closely related to the idea of "sandboxing" than to the idea of "scanning for an intrusion". You're not going to get alerts that pop up saying:

Potentially bad dude is doing potentially dangerous thing

[_] Allow [_] Deny

Rather, when actually running these systems in enforcing mode, apps will silently not be permitted to do many things. You'll want to check out the logs to see exactly what is denied. Typically, before turning these on (or up), you'll want to run in "complain mode" (AppArmor) or "permissive mode" (SELinux) to let them run with your configured permission settings but only log denied access rather than outright denying it. Otherwise you're likely to cause your system to hang.

  • So from what I can gather: "Yes... but no." We're mostly relying on stretching definitions, which are kind of loose to begin with? Most definitions of IPS do tend to be that it's an expansion of an IDS, but with functionality that lets you prevent the detected intrusion. Commented Jul 9, 2020 at 8:56
  • Correct. AppArmor and SELinux technically meet the definition of HIPS, but this is not how they are commonly understood, marketed and promoted. You mentioned you're looking at it from an academic perspective, so if you want a reference in print, here is "AppArmor" being discussed as a host-based IPS: books.google.com.vn/… Commented Jul 9, 2020 at 9:17
  • Thanks. I will mention them in my thesis, but to be safe, won't focus on them much, even though I find them extremely interesting. Commented Jul 9, 2020 at 9:41
  • SELinux and AppArmor can form an important part of intrusion prevention mainly because they fight privilege escalation (in a broad sense): a process constrained by these cannot do what it shouldn't do if configured properly. Commented Jul 14, 2020 at 21:47
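The answer's advice to run in complain/permissive mode and then read the logs is the part most people skip. As an added example (not code from the answer above, nor from the AppArmor or SELinux projects), here is a small Python script that parses both denial formats from the kernel audit log and tallies them by subject, action and object, separating events that were only logged (complain/permissive) from ones that were actually blocked. The audit lines, paths, PIDs and security contexts in `SAMPLE_AUDIT_LINES` are constructed for the example; `parse_denial` and `summarize` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample audit lines (not from any real host). The first three are
# AppArmor events, the next two are SELinux AVC events, and the last is an
# unrelated SYSCALL record that the parser should ignore.
SAMPLE_AUDIT_LINES = [
    'type=AVC msg=audit(1594285000.123:456): apparmor="ALLOWED" operation="open" '
    'profile="/usr/sbin/cupsd" name="/etc/cups/secrets" pid=1234 comm="cupsd" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'type=AVC msg=audit(1594285000.987:457): apparmor="ALLOWED" operation="open" '
    'profile="/usr/sbin/cupsd" name="/etc/cups/secrets" pid=1234 comm="cupsd" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'type=AVC msg=audit(1594285002.001:458): apparmor="DENIED" operation="exec" '
    'profile="/usr/sbin/cupsd" name="/bin/sh" pid=1240 comm="cupsd" '
    'requested_mask="x" denied_mask="x" fsuid=0 ouid=0',
    'type=AVC msg=audit(1594285003.500:459): avc:  denied  { read } for  pid=2345 '
    'comm="httpd" name="shadow" dev="sda1" ino=4242 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 '
    'tclass=file permissive=1',
    'type=AVC msg=audit(1594285004.250:460): avc:  denied  { name_connect } for  pid=2346 '
    'comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0',
    'type=SYSCALL msg=audit(1594285004.260:460): arch=c000003e syscall=42 success=no exit=-13',
]

# key=value pairs, with or without double quotes around the value
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# the permission set SELinux prints inside braces, e.g. "avc:  denied  { read }"
SELINUX_PERM_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}')


def parse_kv(line):
    """Split an audit line into a dict of key=value fields (quotes stripped)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def selinux_type(context):
    """Return the type component of an SELinux label (user:role:type:level)."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context


def parse_denial(line):
    """Normalize one AppArmor or SELinux AVC line; return None for anything else."""
    if 'apparmor=' in line:
        kv = parse_kv(line)
        # AppArmor logs DENIED in enforce mode and ALLOWED in complain mode
        if kv.get('apparmor') not in ('DENIED', 'ALLOWED'):
            return None
        return {
            'lsm': 'apparmor',
            'subject': kv.get('profile', '?'),
            'action': kv.get('operation', '?'),
            'object': kv.get('name', '?'),
            'enforced': kv['apparmor'] == 'DENIED',
        }
    match = SELINUX_PERM_RE.search(line)
    if match:
        kv = parse_kv(line)
        # permissive=1 means the access was logged but not blocked
        return {
            'lsm': 'selinux',
            'subject': selinux_type(kv.get('scontext', '?')),
            'action': match.group(1),
            'object': selinux_type(kv.get('tcontext', '?')),
            'enforced': kv.get('permissive', '0') == '0',
        }
    return None


def summarize(lines):
    """Count denials by (lsm, subject, action, object, outcome)."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec is None:
            continue
        outcome = 'denied' if rec['enforced'] else 'logged-only'
        counts[(rec['lsm'], rec['subject'], rec['action'], rec['object'], outcome)] += 1
    return counts


if __name__ == '__main__':
    # In practice, feed this the output of `ausearch -m AVC` or the kernel log.
    for key, n in sorted(summarize(SAMPLE_AUDIT_LINES).items()):
        lsm, subject, action, obj, outcome = key
        print(f'{n:3d}  {lsm:8s} {outcome:11s} {subject} {action} -> {obj}')
```

The "logged-only" rows are exactly what you review while tuning a profile before switching to enforce mode: each one is an access the policy would have blocked. Once the policy is in enforce mode, the "denied" rows are your prevention record, which is the part that makes the behaviour look like HIPS rather than HIDS.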
