Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I am a student, a novice in Linux. I am assigned the project of creating an intrusion detection system in Linux. Is it possible to create it in two months for a novice like me? Where can I get the required help and papers? Please help.
It depends. If you want to have a professional one, like, let's say, Snort, it's not possible. If you want to show how it looks and works, I see no problem. IDS is a large topic, however, and you should know first what kind of IDS you want to build.
Well, I don't need a professional one. I need that for a student project, so it's enough if it does tasks like scanning the ports etc. Just the basic model will do. Any reply and help will be appreciated.
You need to define the requirements carefully. Port scans can be detected easily (by just counting SYNs in time intervals). The biggest decision is whether you want to write a signature-based one or a behaviour-based one. BTW, the first option is easier.
When you say 'create an intrusion detection system', do you mean write an IDS program, or do you mean set up an IDS? Those are two totally different tasks.
I want to write a program for the intrusion detection system. I just want to code a simple knowledge-based intrusion detection system. Where can I get some sample code?
I don't think you're going to be able to find any sample code out there... If I were you, I would set up an IDS like Snort and see how it works, to get ideas of how to implement it.
Knowledge-based IDS is usually just a simple scanner. The hardest thing is to parse the rules it has. If you hard-code them, it's really easy. Example: 5 SYNs from one IP in less than a minute means scan. Simple, right? Choose a language and the network-access library (like pcap when you decide to write in C).
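
The hard-coded rule from the post above (5 SYNs from one IP in less than a minute), as an added example that is not part of the thread: C that reads the SYN flag from a raw IPv4/TCP header and keeps the last five SYN times per source. The function names, the fixed-size host table and the 192.0.2.x test packets are assumptions; a real program would pass `is_syn` the packets delivered by pcap, after skipping the link-layer header.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define SYN_LIMIT  5u   /* rule from the thread: 5 SYNs from one IP ... */
#define WINDOW_SEC 60   /* ... in less than a minute */
#define MAX_HOSTS  256  /* assumption: small fixed table, no eviction */

struct host { uint32_t ip; long t[SYN_LIMIT]; unsigned n; };
static struct host hosts[MAX_HOSTS];
static int nhosts;

/* 1 if buf is an IPv4/TCP packet with SYN set and ACK clear; source IP -> *src */
int is_syn(const uint8_t *buf, size_t len, uint32_t *src)
{
    if (len < 20 || (buf[0] >> 4) != 4 || buf[9] != 6) return 0;  /* 6 = TCP */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 14) return 0;      /* need the TCP flags byte */
    if ((buf[6] & 0x1f) || buf[7]) return 0;       /* later fragment: no TCP header */
    if ((buf[ihl + 13] & 0x12) != 0x02) return 0;  /* SYN=0x02, ACK=0x10 */
    memcpy(src, buf + 12, 4);
    return 1;
}

/* Record a SYN seen at time now (seconds); 1 = SYN_LIMIT SYNs inside the window */
int record_syn(uint32_t src, long now)
{
    struct host *h = NULL;
    for (int i = 0; i < nhosts && !h; i++)
        if (hosts[i].ip == src) h = &hosts[i];
    if (!h) {
        if (nhosts == MAX_HOSTS) return 0;
        h = &hosts[nhosts++]; h->ip = src; h->n = 0;
    }
    h->t[h->n++ % SYN_LIMIT] = now;                /* ring buffer: overwrite the oldest */
    if (h->n < SYN_LIMIT) return 0;
    return now - h->t[h->n % SYN_LIMIT] < WINDOW_SEC;  /* that slot is now the oldest */
}

/* Constructed traffic: n packets from 192.0.2.<host>, step seconds apart; returns alerts */
int feed(uint8_t host, uint8_t flags, int n, long step)
{
    uint8_t p[40] = {0}; uint32_t src; int alerts = 0;
    p[0] = 0x45; p[9] = 6; p[12] = 192; p[14] = 2; p[15] = host;  /* IPv4 header */
    p[32] = 0x50; p[33] = flags;                                   /* TCP offset, flags */
    for (int i = 0; i < n; i++)
        if (is_syn(p, sizeof p, &src)) alerts += record_syn(src, i * step);
    return alerts;
}

int main(void) { return feed(10, 0x02, 5, 10) == 1 ? 0 : 1; }
```
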
I guess this is the point of your project, isn't it... Why don't you just do your homework, or ask your Prof or TAs for pointers? Geez!