
Re: Comprehensive intrusion detection?



On Thursday 15 June 2006 01:49, Joe Emenaker wrote:
<snip>
> I know that AIDE and tripwire check for changes to critical
> files/directories... chkrootkit looks for rootkit-ish things.... and
> logcheck looks just at the logs.... but I haven't seen anything that
> scans the entire machine (filesystem, listening ports, outgoing
> ports, etc) for all of the standard things you see on things like the
> SANS intrusion detection checklist... or better yet, something with
> regular updates (like clamav) that checks for things that are being
> seen on the latest honeypots.
>
> Isn't there *something* like that out there already?

The package "tiger" covers most of the above.

-A


