
Re: IDS



hi ya chris...

what kind of IDS are ya looking for ???
- people that have successfully logged in ??
- people that are port scanning ??
- people that have changed your binaries ??
- people that are trying out rootkit ???
- people that are trying to buffer overflow your apps ???
- .....
- security tighten'd precautions ???

guess each of the above has different possible solutions

all of the above could be fun if we had time to write some code...
or find some additional IDS and test it out..

have fun
alvin

i've added some commands into the .bash_profile to get some info
about successful logins....( maybe even send an emergency page ?? )
	- reboots of a machine or certain daemons warrants a page too

tripwire was too big/complicated so i did a simple one-liner for some
of my clients' boxes...

	tar cvf - /etc/passwd /etc/shadow /bin/login /bin/bash ... | sum
	( and other files you care about that hackers like to change )

    and then regularly check the checksum against the saved copy...
    and if different... it comes looking for me...


On Thu, 26 Oct 2000, Michael Smith wrote:

> Try aide  http://packages.debian.org/unstable/admin/aide.html.
> 
> 
> Chris Mason wrote:
> 
> > I'm looking for recommendations for an Intrusion Detection system for my
> > firewall. Preferably a debian package  but not restricted to.
> 
> --
> Michael J. Smith msmith4@gladstone.uoregon.edu
> 2250 Patterson #25 Eugene, OR 97405
> (541)346-7562
> 
> 
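The one-liner in the message above hashes a single tar stream, so a mismatch says that something changed but not which file. As an added example (not code from this thread), here is a per-file SHA-256 baseline in POSIX shell; the function names, the `WATCHED` variable and the `init`/`check` arguments are assumptions of this example, and `sha256sum` from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example: per-file SHA-256 baseline instead of one checksum over a tar stream.
# WATCHED is a sample list (assumption); paths containing spaces are not supported.
WATCHED="${WATCHED:-/etc/passwd /etc/shadow /bin/login /bin/bash}"

# Print "hash  path" for each watched file. A missing or unreadable file gets a
# MISSING marker, so deletion shows up as a change too.
make_manifest() {
    for f in $WATCHED; do
        if [ -r "$f" ]; then
            sha256sum "$f"
        else
            printf 'MISSING  %s\n' "$f"
        fi
    done
}

# Compare the current state with a saved baseline file.
# Prints each path whose entry differs.
# Returns 0 if nothing changed, 1 if something changed, 2 if it could not run.
check_manifest() {
    baseline="$1"
    [ -r "$baseline" ] || { echo "no baseline at $baseline" >&2; return 2; }
    current=$(mktemp) || return 2
    make_manifest > "$current"
    # diff marks lines from the current manifest with "> "; strip marker and hash.
    changed=$(diff "$baseline" "$current" | sed -n 's/^> [^ ]*  //p')
    rm -f "$current"
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# Usage: script init BASELINE   (once, on a known-good system)
#        script check BASELINE  (regularly, e.g. from cron; non-zero exit = alert)
case "${1:-}" in
    init)  make_manifest > "$2" ;;
    check) check_manifest "$2" ;;
esac
```

Keep the baseline file on read-only media or on another host, since anyone able to replace `/bin/login` can also rewrite a baseline stored next to it.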


