Re: secure installation
Quoting Russ Allbery (rra@debian.org):
> Yup. IDS systems are wonderful. But they do require discipline.
Indeed. I'd still like to see a trial project, to see _if_ a default IDS
setup (Samhain, AIDE, or Prelude-IDS) can be made to be generally useful.
(Yeah, I know: "Sooner if you help.")
> That's really the take-home point with all of these discussions. There
> are a lot of great security tools available if you're paying attention and
> really think about what you're doing, clear anomalies, and make sure that
> everything they report really *is* unusual.
One of the take-home lessons of my (referenced) article about the 2003
server compromise is that the Debian Project sysadmins caught it
promptly _mostly_ because they reasoned that simultaneous kernel oopses
across multiple hosts were too suspicious to ignore. The nightly report
from AIDE, later, merely confirmed what they already knew.
> This is, for example, one of the reasons why I think Debian's logcheck
> package is such a good idea.
Agreed.
--
"Zees American words are too much. Zen our culture you'll wrench;
With 'le parking' 'le weekend' & such. Wiz our children we'll be out of touch."
Eef you anglicize French, -- L'Academie Francaise in a nutshell
Reply to: