Any suggestions on a simple IDS app? Nothing too fancy or detailed. I have an ftp box set up in a dmz and would like to see just the basic traffic that comes and goes; identifying things like port scans and such would be nice but not necessary. BTW I'm using slack and proftp. Thx
If you just want to monitor traffic, try ethereal/tcpdump. It's pretty simple to set up and even easier to use. If you want an IDS to actually detect intrusions (file alterations), tripwire is pretty simple to install. Unfortunately the default config has entries for almost everything, so you'll have to modify the tripwire config file. www.linuxsecurity.com has some others under the packetstorm section.
I told you wrong. This box is actually suse 8.0, which comes with a firewall. I've never used this firewall; from others' experience, will this basically do the trick? Changing what I posted earlier, I would like to know if I am being attacked, but again nothing too detailed or fancy. Thanks for the help.
Oh well. If you want attack logging, dependent on your definition of that tho, and "nothing too detailed or fancy", why not just run Snort, and disable all the preprocessors and rulesets you don't want to have alerts for?
I know snort is ultimately the answer, but it seems here lately that snort has had several vulns. In your opinion, if it is safe enough I will go ahead and try it.
I'd say go ahead, but go for Snort-2.0x.
If you have questions about Snort configuration, just ask (but plz RTM first) and if you still think running Snort is a major risk you could try running it from a chroot.
Also plz note the 1st thread of this forum has a section on IDSes with much info on Snort.
"Tripwire is originally known as an intrusion detection tool, but can be used for many other purposes such as integrity assurance, change management, policy compliance and more."
You do have a point though, that tripwire can only detect file alteration and therefore is much more limited in its ability to detect intrusions. But often intrusions = file alteration, so I still think it's a useful tool to have around.
thx, you da' man... even way back from the linuxbox days...
LOL, you remembered.... Seems like ages ago.
From www.tripwire.org:
"Tripwire is originally known as an intrusion detection tool, but can be used for many other purposes such as integrity assurance, change management, policy compliance and more."
Yeah, you're right to quote that, tho I never questioned tripwire's value or usefulness. I'll just say to me the acronym IDS is a bit misleading labelling this type of app. IMHO it would be less confusing if these apps were labelled as "filesystem integrity detection systems". I just hope ppl don't rely on this (passive detection method) as their sole means of detecting changes...
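For the "just tcpdump, but tell me about port scans" middle ground discussed above, here is a small detector that reads tcpdump text output and flags a source that sends bare SYNs to many distinct ports on one host within a short window. This is an added example, not code from the thread; the tcpdump lines and all addresses are constructed sample data.

```python
"""Flag simple TCP port scans in `tcpdump -nn` text output (added example, constructed input)."""
import re
from collections import defaultdict

# Matches lines like:
# 12:00:01.000000 IP 203.0.113.5.40000 > 192.0.2.10.21: Flags [S], seq 1, win 1024, length 0
LINE_RE = re.compile(
    r"^(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2})\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_line(line):
    """Return a dict with seconds-of-day, src, dst, dport, flags; None for non-TCP/IP lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    secs = int(m["hh"]) * 3600 + int(m["mm"]) * 60 + int(m["ss"])
    return {"t": secs, "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "flags": m["flags"]}

def find_scanners(lines, threshold=5, window=10):
    """Return {src: sorted ports} for sources whose bare SYNs to one destination
    touched at least `threshold` distinct ports within `window` seconds."""
    events = defaultdict(list)  # (src, dst) -> [(t, dport), ...]
    for line in lines:
        p = parse_line(line)
        if p and p["flags"] == "S":  # only connection attempts, not ACKs/data
            events[(p["src"], p["dst"])].append((p["t"], p["dport"]))
    hits = {}
    for (src, dst), ev in events.items():
        ev.sort()  # by time, so each slice below is a forward-looking window
        for i, (t0, _) in enumerate(ev):
            ports = {dp for t, dp in ev[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                hits[src] = sorted(ports)
                break
    return hits

# Constructed sample: one legitimate FTP client (same port, repeated) and one scanner.
SAMPLE = [
    "12:00:00.100000 IP 198.51.100.7.51000 > 192.0.2.10.21: Flags [S], seq 1, win 512, length 0",
    "12:00:00.200000 IP 198.51.100.7.51000 > 192.0.2.10.21: Flags [.], ack 1, win 512, length 0",
    "12:00:01.000000 IP 203.0.113.5.40000 > 192.0.2.10.21: Flags [S], seq 1, win 1024, length 0",
    "12:00:01.100000 IP 203.0.113.5.40001 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0",
    "12:00:01.200000 IP 203.0.113.5.40002 > 192.0.2.10.23: Flags [S], seq 1, win 1024, length 0",
    "12:00:01.300000 IP 203.0.113.5.40003 > 192.0.2.10.25: Flags [S], seq 1, win 1024, length 0",
    "12:00:02.000000 IP 203.0.113.5.40004 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0",
    "12:00:02.100000 IP 203.0.113.5.40005 > 192.0.2.10.110: Flags [S], seq 1, win 1024, length 0",
    "12:00:05.000000 IP 198.51.100.7.51001 > 192.0.2.10.21: Flags [S], seq 1, win 512, length 0",
    "12:00:06.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28",
]

if __name__ == "__main__":
    print(find_scanners(SAMPLE))  # {'203.0.113.5': [21, 22, 23, 25, 80, 110]}
```

Feed it real data with `tcpdump -nn -l tcp | python3 scan_detect.py` style plumbing after replacing `SAMPLE` with `sys.stdin`; the legitimate client is never flagged because it keeps hitting the same single port.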