Re: Recommend good IDS? was Re: /dev/shm/r?


> I'd be interested to hear some recommendations for IDS to run on
> internet facing servers. Especially from the point of view of ease of
> installation, ease of maintenance, quality of the tool, and ability to
> have it deliver really useful information to the admin. I've used
> SNORT a bit in the past and my feeling was that it was so chatty that
> it was actually hard to tell if something bad was happening or not.

Don't think it really counts as IDS, but I like to use tiger and rkhunter.
They perform some checks on the system on a regular basis. That is not
really good protection against unauthorized access (well, it might catch a
stupid cracker ;) but at least it helps to protect the systems from myself,
e.g. when I tweak some configuration option during a maintenance task in an
insecure manner (e.g. allow root login via ssh until I'm finished setting
up the system), tiger will remind me to reset the safe values :)

