Re: LIDS and debian

To: debian-firewall@lists.debian.org
Subject: Re: LIDS and debian
From: Ben Harvey <harveyb@iinet.net.au>
Date: Tue, 23 Jan 2001 01:45:15 +0800
Message-id: <[🔎] 20010123014515.A2023@sharkey>
Mail-followup-to: harvey, debian-firewall@lists.debian.org
In-reply-to: <[🔎] 20010122143128.UTHQ287.mta06.onebox.com@onebox.com>; from hutchinsond@zdnetonebox.com on Mon, Jan 22, 2001 at 09:31:27AM -0500
References: <[🔎] 20010122143128.UTHQ287.mta06.onebox.com@onebox.com>

On Mon, Jan 22, 2001 at 09:31:27AM -0500, Dan Hutchinson wrote:
> 
> I would also like to help if possible.  I haven't loaded an IDS software
> specific for Debian and most my Apps are on commercial property O/S,
> ie. Sun, HP, and Microsoft.  What IDS are you playing with, or are you
> just modifying the kernel?

Both! LIDS patches the kernel to prevent anyone (including root) from 
doing bad things like modifying binaries, deleting log entries etc. It
is completely different to the usual Network Intrusion Detection 
Systems, although it does include crude port-scan detection. Snort 
does a much better job at that.

I probably should have included a URL: http://www.lids.org/

The patch for 2.4.0 is looking very new and rough right now, but this
could be a really cool addition to Debian in the long term.

This doesn't look very easy to package, but it would be great if 
there was some sort of debian-lids howto. If noone else want to I'll
have a go, but first I have to get I working!
> 
> Dan

Oh yes: a huge apology to everyone for stuffing up the date before. 
It is a looong story, but for now I'll blame it on lids ;-)

--

Reply to:

References:
- Re: LIDS and debian
  - From: "Dan Hutchinson" <hutchinsond@zdnetonebox.com>

Prev by Date: New debian package: firestarter
Next by Date: aliasing/routing trouble
Previous by thread: Re: LIDS and debian
Next by thread: Few questions about using rc.firewall.iptables
Index(es):
- Date
- Thread