Re: LIDS and debian
On Mon, Jan 22, 2001 at 09:31:27AM -0500, Dan Hutchinson wrote:
>
> I would also like to help if possible. I haven't loaded an IDS software
> specific for Debian and most my Apps are on commercial property O/S,
> ie. Sun, HP, and Microsoft. What IDS are you playing with, or are you
> just modifying the kernel?
Both! LIDS patches the kernel to prevent anyone (including root) from
doing bad things like modifying binaries, deleting log entries etc. It
is completely different to the usual Network Intrusion Detection
Systems, although it does include crude port-scan detection. Snort
does a much better job at that.
I probably should have included a URL: http://www.lids.org/
The patch for 2.4.0 is looking very new and rough right now, but this
could be a really cool addition to Debian in the long term.
This doesn't look very easy to package, but it would be great if
there was some sort of debian-lids howto. If noone else want to I'll
have a go, but first I have to get I working!
>
> Dan
Oh yes: a huge apology to everyone for stuffing up the date before.
It is a looong story, but for now I'll blame it on lids ;-)
--
Reply to: