[rsbac] RSBAC HIDS ?

[frealek]

Hello,

Is anyone aware of Tiger's features as a HIDS ?
I wonder if it would be possible to integrate a host intrusion detection 
system into RSBAC's arch, because any user-land HIDS is not trustable, 
using it in a secure kernel would be great

What would be the best imho is to select a set of nice features from 
Tiger, seccheck (SUSE), checksecurity (OpenBSD), chkrootkit, rkhunter, 
... and create an RSBAC HIDS module


suggestions, critics, notes, all appreciated

PD : does this kind of stuff already exist in RSBAC ?