03-04-2010, 09:29 PM
Mike McCarty

Intrusion Detection

Jim Perrin wrote:
> On Thu, Mar 4, 2010 at 5:02 PM, Dan Burkland <dburklan@nmdp.org> wrote:
>> Hello all,
>>
>> I have been exploring the various intrusion detection systems
>> available for the Linux platform and was wondering what ones you
>> all would recommend? I have used AIDE before and while it is
>> extremely easy to setup, it does not support the ability to send
>> alerts as files are changed (allows one to be aware of an intrusion
>> almost immediately).

> You can use auditd to watch specific files if you're after some key
> things. Beyond that I just use aide.

I like tripwire and rkhunter.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
03-04-2010, 09:34 PM
Rob Kampen

Intrusion Detection

Dan Burkland wrote:

> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).

I use aide and ossec to get the warnings

> Thank you,
>
> Dan Burkland

 
03-05-2010, 06:08 AM
Rajagopal Swaminathan

Intrusion Detection

Greetings,

On Fri, Mar 5, 2010 at 3:32 AM, Dan Burkland <dburklan@nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).


inotify perhaps?

Regards

Rajagopal
 
03-05-2010, 06:15 AM
Bazy

Intrusion Detection

On Fri, Mar 5, 2010 at 12:02 AM, Dan Burkland <dburklan@nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland

Hello Dan,

For auditing your entire network for patches / vulnerabilities I
recommend you use Nessus. For server protection you can use tripwire
and clamav. Clamav can detect and block most rootkits and exploit
code, therefore the attacker will not be able to execute it.
Theoretically... :-)

Best regards,
Bazy
 
03-05-2010, 06:50 PM
Nux

Intrusion Detection

On Thu, 4 Mar 2010, Dan Burkland wrote:

> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland

Try OSSEC, seems nice.

 
03-05-2010, 07:23 PM
Dan Burkland

Intrusion Detection

> -----Original Message-----
> From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On
> Behalf Of Nux
> Sent: Friday, March 05, 2010 1:51 PM
> To: centos@centos.org
> Subject: Re: [CentOS] Intrusion Detection
>
> On Thu, 4 Mar 2010, Dan Burkland wrote:
>
> > Hello all,
> >
> > I have been exploring the various intrusion detection systems available
> for the Linux platform and was wondering what ones you all would
> recommend? I have used AIDE before and while it is extremely easy to
> setup, it does not support the ability to send alerts as files are changed
> (allows one to be aware of an intrusion almost immediately).
> >
> > Thank you,
> >
> > Dan Burkland
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
> Try OSSEC, seems nice.

Thank you all for your suggestions, I have been evaluating OSSEC so far and like it quite a bit. I just need to figure out how to get it to email me nightly reports of all modifications to the file system every night like I did with AIDE.
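A minimal AIDE-style baseline-and-compare script, added here as an example that is not part of this thread nor code from AIDE or OSSEC: it hashes a directory tree, stores the baseline as JSON, re-scans later and classifies added, removed and modified files into the kind of nightly change report Dan asks about. The sample tree under a temporary directory is constructed for the demo; the 10.0.0.5 host entry and the cron job are placeholders.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:  # chunked read keeps large files out of memory
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record hash, size and mode of every regular file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[str(p.relative_to(root))] = {
                "sha256": hash_file(p), "size": st.st_size, "mode": st.st_mode}
    return baseline

def compare(old: dict, new: dict) -> dict:
    """Classify differences between two scans, as a nightly report would."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in set(old) & set(new) if old[k] != new[k]),
    }

def format_report(changes: dict) -> str:
    """Plain-text summary suitable for the body of a nightly mail."""
    lines = [f"{kind}: {len(paths)}" for kind, paths in changes.items()]
    for kind, paths in changes.items():
        lines += [f"  {kind[0].upper()} {p}" for p in paths]
    return "\n".join(lines)

def demo() -> dict:
    """Constructed sample tree: baseline it, change it, re-scan and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root, db = Path(tmp) / "tree", Path(tmp) / "baseline.json"
        (root / "etc" / "cron.d").mkdir(parents=True)
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("Welcome\n")
        db.write_text(json.dumps(build_baseline(root)))  # first run stores baseline
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 mirror\n")
        (root / "etc" / "motd").unlink()
        (root / "etc" / "cron.d" / "nightly").write_text("0 2 * * * root /usr/bin/true\n")
        return compare(json.loads(db.read_text()), build_baseline(root))  # nightly run
```

Call `print(format_report(demo()))` to see the report; in practice run `build_baseline` once, keep the JSON somewhere the monitored host cannot rewrite it, and have a nightly cron job run `compare` and mail the output.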