Jim Perrin wrote:
> On Thu, Mar 4, 2010 at 5:02 PM, Dan Burkland <dburklan@nmdp.org> wrote:
>> Hello all,
>>
>> I have been exploring the various intrusion detection systems
>> available for the Linux platform and was wondering what ones you
>> all would recommend? I have used AIDE before and while it is
>> extremely easy to set up, it does not support the ability to send
>> alerts as files are changed (allows one to be aware of an intrusion
>> almost immediately).
> You can use auditd to watch specific files if you're after some key
> things. Beyond that I just use aide.
I like tripwire and rkhunter.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
03-04-2010, 09:34 PM
Rob Kampen
Intrusion Detection
Dan Burkland wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to set up, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
I use aide and ossec to get the warnings.
> Thank you,
>
> Dan Burkland
03-05-2010, 06:08 AM
Rajagopal Swaminathan
Intrusion Detection
Greetings,
On Fri, Mar 5, 2010 at 3:32 AM, Dan Burkland <dburklan@nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to set up, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
inotify perhaps?
Regards
Rajagopal
03-05-2010, 06:15 AM
Bazy
Intrusion Detection
On Fri, Mar 5, 2010 at 12:02 AM, Dan Burkland <dburklan@nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to set up, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland
Hello Dan,
For auditing your entire network for patches / vulnerabilities I
recommend you use Nessus. For server protection you can use tripwire
and clamav. Clamav can detect and block most rootkits and exploit
code, therefore the attacker will not be able to execute it.
Theoretically... :-)
Best regards,
Bazy
03-05-2010, 06:50 PM
Nux
Intrusion Detection
On Thu, 4 Mar 2010, Dan Burkland wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to set up, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland
Try OSSEC, seems nice.
03-05-2010, 07:23 PM
Dan Burkland
Intrusion Detection
> -----Original Message-----
> From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On
> Behalf Of Nux
> Sent: Friday, March 05, 2010 1:51 PM
> To: centos@centos.org
> Subject: Re: [CentOS] Intrusion Detection
>
> On Thu, 4 Mar 2010, Dan Burkland wrote:
>
> > Hello all,
> >
> > I have been exploring the various intrusion detection systems available
> > for the Linux platform and was wondering what ones you all would
> > recommend? I have used AIDE before and while it is extremely easy to
> > set up, it does not support the ability to send alerts as files are changed
> > (allows one to be aware of an intrusion almost immediately).
> >
> > Thank you,
> >
> > Dan Burkland
> >
> >
>
> Try OSSEC, seems nice.
Thank you all for your suggestions, I have been evaluating OSSEC so far and like it quite a bit. I just need to figure out how to get it to email me nightly reports of all modifications to the file system every night like I did with AIDE.
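The nightly "what changed on the file system" report asked about in the last message comes down to a baseline-and-compare check. The sketch below is an added example, not code from the thread and not how AIDE or OSSEC are implemented; the function names and the demo tree are constructed for illustration. It records content hash, permission bits and ownership, so a permission change with identical content is still reported.

```python
import hashlib
import os
import stat
import tempfile

FIELDS = ("content", "mode", "owner", "group")  # order matches snapshot() tuples


def snapshot(root):
    """Map each regular file under root to (sha256, mode bits, uid, gid)."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (
                digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state


def report(baseline, current):
    """Return report lines for every added, removed or changed file."""
    lines = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            lines.append(f"ADDED    {path}")
        elif new is None:
            lines.append(f"REMOVED  {path}")
        elif old != new:
            what = [f for f, a, b in zip(FIELDS, old, new) if a != b]
            lines.append(f"CHANGED  {path} ({', '.join(what)})")
    return lines


if __name__ == "__main__":
    # Constructed demo tree; a real run would point at directories such as /etc.
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "sshd_config")
        with open(cfg, "w") as fh:
            fh.write("PermitRootLogin no\n")
        os.chmod(cfg, 0o644)
        baseline = snapshot(root)  # taken once, from a known-good state
        with open(cfg, "a") as fh:
            fh.write("PermitRootLogin yes\n")
        os.chmod(cfg, 0o666)
        # A cron job would mail these lines; an empty list means no changes.
        print("\n".join(report(baseline, snapshot(root))))
```

The baseline has to be stored where a compromised host cannot rewrite it (read-only media or another machine), otherwise the comparison proves nothing.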