Re: OT: An Idea for an IDS
Check out psad, which is similar to what you want (and I use it).
You can see psad at http://www.cipherdyne.com/psad/, which is somehow related to
Bastille Linux http://www.bastille-linux.org/. Or just apt-get install psad.
On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
> Greets all,
> A previous post spawned an idea of mine. I am not sure if there is a
> project available for this or not. Here we go:
> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng. This daemon
> would then parse the log and look for suspicious things. If it found
> something suspicious it would use regular expressions to grab out
> pertinent parts of the log (say the IP address) and act on the log
> accordingly (in real time) by, say, dropping an IPTABLE rule down on the
> IP address.
> Are there any projects out there to do this right now? If not, is this
> a good idea? If it is, who would be a person/group that would be
> qualified and have the time/interest to develop it?
> Just throwing out a random conscious thought,
> Phillip Hofmeister
> PGP/GPG Key:
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> Excuse #202: That's easy to fix but I can't be bothered.
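As an added example (not psad's code and not from anyone on this thread), here is the core of the daemon the quoted post sketches in Python: it reads iptables LOG lines as syslog would hand them over, pulls the source address out with a regular expression, and flags sources that probe several ports. The log layout, the port threshold, the allowlist of hosts that must never be blocked, and the sample lines are all assumptions; the block builds the iptables commands rather than executing them.

```python
import re

# Assumed layout of an iptables LOG line as written by syslog (real prefixes vary).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) .*?DPT=(?P<dpt>\d+)"
)

# Hypothetical allowlist: loopback and the admin's workstation are never blocked,
# so a mis-parsed or spoofed line cannot lock the operator out of the box.
ALLOWLIST = {"127.0.0.1", "192.168.1.10"}


def parse_line(line):
    """Return (timestamp, source_ip, dest_port) or None for lines that are not iptables hits."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("ts"), m.group("src"), int(m.group("dpt"))


def suspicious_sources(lines, threshold=3):
    """Flag sources that touch at least `threshold` distinct ports (crude scan heuristic)."""
    ports = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, src, dpt = parsed
        ports.setdefault(src, set()).add(dpt)
    return sorted(src for src, p in ports.items()
                  if len(p) >= threshold and src not in ALLOWLIST)


def block_commands(ips):
    """Build (do not run) the iptables rules the daemon would insert for flagged sources."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


# Constructed sample log: one scanner, one allowlisted admin host, one single-port hit.
SAMPLE_LOG = """\
Jun 30 18:40:01 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.2 PROTO=TCP SPT=40000 DPT=22 SYN
Jun 30 18:40:01 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.2 PROTO=TCP SPT=40001 DPT=23 SYN
Jun 30 18:40:02 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.2 PROTO=TCP SPT=40002 DPT=80 SYN
Jun 30 18:40:02 gw kernel: IN=eth0 OUT= SRC=192.168.1.10 DST=192.168.1.2 PROTO=TCP SPT=5000 DPT=22 SYN
Jun 30 18:40:03 gw kernel: IN=eth0 OUT= SRC=192.168.1.10 DST=192.168.1.2 PROTO=TCP SPT=5001 DPT=25 SYN
Jun 30 18:40:03 gw kernel: IN=eth0 OUT= SRC=192.168.1.10 DST=192.168.1.2 PROTO=TCP SPT=5002 DPT=443 SYN
Jun 30 18:40:04 gw sshd[123]: Accepted publickey for admin from 192.168.1.10
Jun 30 18:40:05 gw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.2 PROTO=TCP SPT=4444 DPT=80 SYN
"""

if __name__ == "__main__":
    for cmd in block_commands(suspicious_sources(SAMPLE_LOG.splitlines())):
        print(cmd)
```

A real daemon would read from a syslog-ng pipe instead of a string and would expire the per-source port sets over time, otherwise a long-running process eventually flags any busy host.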