LinuxQuestions.org
Old 08-28-2003, 03:07 PM   #1
matador
Member
 
Registered: Jul 2003
Location: sweden
Distribution: gentoo @home, RH @ school
Posts: 107

Rep: Reputation: 15
Intrusion Detection?


Sorry for asking these newbie questions. I have configured a firewall on Mandrake 9.1 (guarddog at the moment; I will change to smoothwall when 9.2 is released, or iptables if I have the time to study the howtos), which seems to work fine. But I want to know if it's working, so I think an intrusion detection system would be appropriate. The question is which one. I've heard about several, such as portsentry, lids, grsecurity and snort. But which one would be easy and still do the job? I just want to see what's up: if anyone is port scanning and, if so, whether the firewall works.

Suggestions are appreciated.
Thanks!
 
Old 08-29-2003, 08:15 AM   #2
exalik
Member
 
Registered: Mar 2003
Location: PARIS / FRANCE
Distribution: Mandrake 9.2rc2
Posts: 49

Rep: Reputation: 15
Snort !
 
Old 08-29-2003, 10:21 AM   #3
aqoliveira
Member
 
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 620

Rep: Reputation: 30
snort!!!
 
Old 08-29-2003, 01:05 PM   #4
joe_stevensen
LQ Newbie
 
Registered: Jun 2001
Location: San Jose, CA
Distribution: Debian (Servers); Gentoo (Desktop)
Posts: 29

Rep: Reputation: 15
Snort (www.snort.org) is a great host/network intrusion detection system.

You also might want to look at AIDE, an alternative to Tripwire. This is a host-based content integrity system. It lets you know if your important files have been modified or replaced by trojans.
 
Old 08-29-2003, 07:01 PM   #5
matador
Member
 
Registered: Jul 2003
Location: sweden
Distribution: gentoo @home, RH @ school
Posts: 107

Original Poster
Rep: Reputation: 15
I guess that pretty much sums it up. Snort's what I need to study!
 
Old 09-03-2003, 04:44 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,166
Blog Entries: 54

Rep: Reputation: 2807
No. IMNSHO you need a network intrusion detection system (Snort) *and* a filesystem integrity checker (Aide, Samhain, tripwire) to cover it. The "problem" is a filesystem integrity checker should best be installed after installing the OS, and before connecting it to a network, to have some guarantee wrt the state of the system.
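
The baseline-timing point from the last post, as an added example that is not part of the thread and is not code from AIDE, Samhain or Tripwire: a minimal hash-based integrity check run against a constructed directory tree. The file names and the simulated tampering are assumptions, and only content hashes are compared.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                db[rel] = hashlib.sha256(fh.read()).hexdigest()
    return db

def compare(baseline, current):
    """Return sorted (changed, added, removed) path lists."""
    changed = sorted(p for p in baseline
                     if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return changed, added, removed

def demo():
    """Constructed scenario: one replaced binary and one dropped file."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))

        def write(rel, data):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)

        write("bin/ls", b"original ls")
        write("bin/ps", b"original ps")
        early = snapshot(root)             # baseline before network exposure
        write("bin/ps", b"replaced ps")    # simulated tampering (constructed)
        write("bin/.hidden", b"dropped file")
        late = snapshot(root)              # baseline taken only afterwards
        now = snapshot(root)
        return compare(early, now), compare(late, now)

if __name__ == "__main__":
    early_report, late_report = demo()
    print("baseline before exposure:", early_report)
    print("baseline after exposure: ", late_report)
```

The early baseline reports the replaced and the added file; the late baseline reports nothing, because the tampered state is what it recorded as good.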
 
  


All times are GMT -5. The time now is 11:54 AM.
