Forrest is a host based intrusion detection using enhanced bsd process accounting files to spot unusual process trees (ex: httpd calling something it never called before). It works in combination with the vserver project.
Here is complete introduction to the project: principle.pdf.
Here is the kernel patch that sits on top of the kernel vserver patch (from kernel 3.13.11): forrest-kernel-patch.diff.
Packages for Centos 6.5 64 bits may be found here (compiled by me). You need linuxconf-lib and forrest.
Source is available using subversion here.