[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure installation

Quoting Russ Allbery (rra@debian.org):

> Yup.  IDS systems are wonderful.  But they do require discipline.

Indeed.  I'd still like to see a trial project, to see _if_ a default IDS
setup (Samhain, AIDE, or Prelude-IDS) can be made to be generally useful.  
(Yeah, I know:  "Sooner if you help.")

> That's really the take-home point with all of these discussions.  There
> are a lot of great security tools available if you're paying attention and
> really think about what you're doing, clear anomalies, and make sure that
> everything they report really *is* unusual.

One of the take-home lessons of my (referenced) article about the 2003
server compromise is that the Debian Project sysadmins caught it
promptly _mostly_ because they reasoned that simultaneous kernel oopses
across multiple hosts were too suspicious to ignore.  The nightly report
from AIDE, later, merely confirmed what they already knew.

> This is, for example, one of the reasons why I think Debian's logcheck
> package is such a good idea.

Agreed.

-- 
"Zees American words are too much.      Zen our culture you'll wrench; 
With 'le parking' 'le weekend' & such.  Wiz our children we'll be out of touch."
Eef you anglicize French,                -- L'Academie Francaise in a nutshell
Reply to: