This is a discussion on "intrusion detection system?" within the Linux Security forums, part of the System Security and Security Related category: What is an easy to install and configure linux intrusion detection system? (I am using Mandrake 9.2 but plan ...
On Sun, 17 Jul 2005 20:42:58 -0500, Proteus wrote:
> What is an easy to install and configure linux intrusion detection system?
> (I am using Mandrake 9.2 but plan to upgrade soon to Mandriva LE2005)

I haven't used Mandrake for a while, but I think earlier versions included intrusion detection software.

--
Felix Tilley
MAJ, LARTvocate
Fanatic Legions
1-800-555-LART
Proteus wrote:
> What is an easy to install and configure linux intrusion detection system?
> (I am using Mandrake 9.2 but plan to upgrade soon to Mandriva LE2005)

Have that one here, and portsentry still does a good job. Primary concern, however, is to configure your services to not allow access from the outside unless really needed, and protect them as much as possible. tcpwrappers (hosts.deny/allow) and xinetd "only_from" entries come to my mind first. Also run chkrootkit regularly, and configure shorewall rules. For "post mortem" intrusion detection there is tripwire, as an example.

--
Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse detected penguin patterns on mousepad.
Partition scan in progress *to*remove*offending*incompatible*products.* *Reactivate*MS*software.
Linux woodpecker.homnet.at 2.6.12-mm2 [LinuxCounter#295241, ICQ#4918962]
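The tcpwrappers default-deny layout recommended in the reply above, written out as an added example (not code from the thread or from any poster): hosts.deny refuses everything, hosts.allow opens only what is needed, and a small audit checks a hosts.allow/hosts.deny pair for that policy. The sample files, the sshd service name and the 192.168.1.0/24 LAN are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: tcp_wrappers default-deny pair plus an audit.
# Sample files, the sshd service name and the 192.168.1.0/24 LAN are constructed.
set -u

# Write the recommended pair into directory $1 (on a real host this is /etc).
write_default_deny() {
    dir=$1
    cat > "$dir/hosts.deny" <<'EOF'
# hosts.deny is consulted only when hosts.allow has no match: refuse everyone.
ALL: ALL
EOF
    cat > "$dir/hosts.allow" <<'EOF'
# hosts.allow is checked first: sshd from the LAN only, everything from localhost.
sshd: 192.168.1.0/255.255.255.0
ALL: 127.0.0.1
EOF
}

# Print the active rules of a wrappers file with comments and whitespace removed,
# so that "ALL:   ALL" and "ALL: ALL" compare equal.
active_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -v '^$'
}

# Return 0 when hosts.deny in directory $1 carries a catch-all "ALL: ALL" rule and
# hosts.allow has no blanket "ALL: ALL" grant that would override it; otherwise
# report the weakness on stderr and return 1.
audit_tcpwrappers() {
    dir=$1
    if ! active_rules "$dir/hosts.deny" | grep -qx 'ALL:ALL'; then
        echo "hosts.deny: no default deny rule (expected ALL: ALL)" >&2
        return 1
    fi
    if active_rules "$dir/hosts.allow" | grep -qx 'ALL:ALL'; then
        echo "hosts.allow: blanket ALL: ALL grant overrides hosts.deny" >&2
        return 1
    fi
    return 0
}

# Stand-alone run: build the pair in a scratch directory and audit it.
if [ "${1:-}" = "--demo" ]; then
    scratch=$(mktemp -d)
    write_default_deny "$scratch"
    audit_tcpwrappers "$scratch" && echo "ok: default-deny policy in place"
    rm -rf "$scratch"
fi
```

tcp_wrappers only governs services linked against libwrap or started through tcpd/xinetd, so a packet filter such as the shorewall rules mentioned in the reply is still needed for everything else.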
Proteus wrote:
> What is an easy to install and configure linux intrusion detection system?
> (I am using Mandrake 9.2 but plan to upgrade soon to Mandriva LE2005)

Snort. It'll look for suspicious communications (signatures) entering and leaving your box, as well as network entities attempting to break in through exploits.

Samhain. It'll run integrity checks, plus do real-time monitoring for some kinds of rootkit activity.

Have had good experiences with the above.

Best to "harden" your kernel with overflow protection, role-based access rules, executable realtime "crc" checking, etc. I'm a newbie and can't be much help here .... Gentoo is pursuing this, along with others.