
Re: Security question



On Sat, Dec 06, 2003 at 06:36:55PM -0500, Roberto Sanchez wrote:
> At the risk of starting a flamefest, what is a good IDS?  I ask because
> the recent compromises have got me thinking.  I have a couple of
> web/mail servers I am adminning at school, and I really have no way of
> knowing if they have been 0wn3d.  I (poorly) check the logs every 2 to 4
> weeks, but that doesn't seem like enough.
> 
> What does everyone else use?  (BTW, my servers run stable.)

I use integrit, and it seems to come with fairly smart options.
Definitely read the docs that come with it and decide what level of
paranoia you want:

e.g.: for low paranoia you can go with the default setup where everything
goes on the HD ... for medium paranoia, put the checksum database on a
read-only network share or a CD ... for high paranoia, put the
executable itself on a read-only medium as well... etc

Also you'll want to make some decisions about what directories it should
ignore, and what to scan... no need to spend hours of processor time
generating checksums for the MP3 collection...

	Cheers!
-- 
-------------------------------<<ScruLoose>>-------------------------------
                I'm empty and aching and I don't know why.
                - Simon and Garfunkel
--------------------------<<Please do not CC me>>--------------------------

Attachment: pgpXdkS9mHlsr.pgp
Description: PGP signature
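
The baseline-and-compare idea behind the advice above, as an added Python example that is not part of the original message and is not integrit's code or configuration format. The function names (snapshot, compare, demo), the ignored "mp3" directory and the sample tree are constructed for illustration; in real use the known database would be written to the read-only share or CD rather than held in memory.

```python
import hashlib
import os
import tempfile

def snapshot(root, ignore=()):
    """Map each file path (relative to root) to its SHA-256, skipping ignored dirs."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Prune ignored directories in place so os.walk never descends into them.
        dirnames[:] = [d for d in dirnames
                       if os.path.normpath(os.path.join(rel_dir, d)) not in ignore]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            db[os.path.normpath(os.path.join(rel_dir, name))] = h.hexdigest()
    return db

def compare(known, current):
    """Return (added, removed, changed) paths between two snapshots."""
    added = sorted(set(current) - set(known))
    removed = sorted(set(known) - set(current))
    changed = sorted(p for p in set(known) & set(current) if known[p] != current[p])
    return added, removed, changed

def demo():
    """Build a constructed tree, take a baseline, modify the tree, and report."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write("bin/login", b"original binary")
        write("etc/passwd", b"root:x:0:0\n")
        write("mp3/song.mp3", b"large media file")
        known = snapshot(root, ignore={"mp3"})       # baseline, kept off-host
        write("bin/login", b"replaced binary")       # content change
        write("etc/rc.local", b"new startup entry")  # new file
        write("mp3/another.mp3", b"ignored change")  # inside ignored dir
        return compare(known, snapshot(root, ignore={"mp3"}))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, which is why the message's medium and high paranoia levels move the database, and then the checker itself, onto read-only media.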