Old 08-28-2003, 03:07 PM   #1
Registered: Jul 2003
Location: sweden
Distribution: gentoo @home, RH @ school
Posts: 107

Rep: Reputation: 15
Intrusion Detection?

Sorry for asking these newbie questions. I have configured a firewall on Mandrake 9.1 (guarddog at the moment; will change to smoothwall when 9.2 is released, or iptables if I have the time to study the howtos), which seems to work fine. But I want to know if it's working, so I think an intrusion detection system would be appropriate. The question is which one. I've heard about several, such as portsentry, lids, grsecurity and snort. But which one would be easy and still do the job? I just want to see what's up: if anyone is port scanning and, if so, does the firewall work.

Suggestions are appreciated.
Old 08-29-2003, 08:15 AM   #2
Registered: Mar 2003
Location: PARIS / FRANCE
Distribution: Mandrake 9.2rc2
Posts: 49

Rep: Reputation: 15
Snort!
Old 08-29-2003, 10:21 AM   #3
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 620

Rep: Reputation: 30
Old 08-29-2003, 01:05 PM   #4
LQ Newbie
Registered: Jun 2001
Location: San Jose, CA
Distribution: Debian (Servers); Gentoo (Desktop)
Posts: 29

Rep: Reputation: 15
Snort is a great host/network intrusion detection system.

You also might want to look at AIDE, an alternative to Tripwire. This is a host-based content integrity system. It lets you know if your important files have been modified or replaced by trojans.
Old 08-29-2003, 07:01 PM   #5
Registered: Jul 2003
Location: sweden
Distribution: gentoo @home, RH @ school
Posts: 107

Original Poster
Rep: Reputation: 15
I guess that pretty much sums it up. Snort's what I need to study!
Old 09-03-2003, 04:44 AM   #6
Registered: May 2001
Posts: 28,826
Blog Entries: 55

Rep: Reputation: 3342
No. IMNSHO you need a network intrusion detection system (Snort) *and* a filesystem integrity checker (Aide, Samhain, Tripwire) to cover it. The "problem" is a filesystem integrity checker should best be installed after installing the OS, and before connecting it to a network, to have some guarantee wrt the state of the system.

