
Light weight IDSes and then some



Hello,

  I currently have a Woody NAT/Firewall machine that provides internet
to my home LAN.  In addition to that it provides Web proxy and Web
serving (mainly for a few pages for my family and friends).  It's been
running nicely for several years now.  Last year I had 2 cases where I
had near misses on being compromised.  I've gotten a new box and I'm
planning and preparing it to replace my existing Woody with Sarge on
this new box.  I'm trying to plan a somewhat hardened and more secure
installation this time to better handle the possible compromises I
nearly came to face last year.  I have some questions and help that I
need.

Goal:  To provide an Internet Connection NAT/Firewall, with (Squid)
Transparent Proxy, DNS Caching, Apache, and SSH. (i.e. replace and maybe
enhance a little the current box)

Questions:

  I'm going to follow the Debian How-To on Securing Debian, which so
far has been extremely helpful in seeing some things I can do when I
get that 'oh my, I've been compromised' feeling, how do I verify it
ain't so.

1) What are some projects/software for light IDS, specifically file
checksum/change control?  I plan on doing the MD5 checksum floppy as
described in the Securing How-To, but then I want software that
does that and e-mails my admin user whenever checksums and permissions
change.

2) Apache and/or cgi-bins I use were the cause of my closest to being
compromised situations.  If I set up Apache, PHP, cgis, etc. in a
chroot jail, how can I still provide a /~username/ type set-up, as I
have at least 2 situations where I rely heavily on that?  As near as I
can tell this is not covered in any of the Apache chroot information
I've read.

3) I'd like to provide some limited SFTP (SSH FTP) mechanisms for
select individuals. For these I would really like to do away with the
shell, but I haven't found a way. How can I provide a shell-less SFTP
or severely restricted SFTP service for these people?

Any help or suggestions, especially software or packages that I should
research during my planning would be greatly appreciated.

Thanks,
-- 
George


