intrusion detection / logfile reporter
Hello all,
I have some questions regarding system security. Besides doing
filtering with iptables, disabling inetd services like telnet, r-tools
etc. and setting some general denials in /etc/hosts.deny (plus some
other stuff like changing default ports of some daemons like sshd), I am
looking for some additional security options I can apply to a Linux system.
Especially, I am looking for a not-too-paranoid-to-set-up tool that can
review my logfiles and report to me via beep and/or local mail that it
found something unusual in a log. Does anyone know of such a tool?
Second, as a more theoretical question, is there any open source project
available that can inspect network packets at application level, e.g.
to detect viruses etc. (like sandboxes on huge firewall systems)?
I hope not to mix some termini, cos I am not that good in this network
stuff...but I hope to learn from your answers. So do not hesitate to
post answers 8^).
Greetings and have a nice weekend,
Timo