Does any one know of an easy to install IDS for linux that has a GUI?

If any of you guys need help setting up a linux firewall with a cable modem,

let me know!
I have built tons of them for people and showed them how!

Snort+acid is very very nice. Also, snort can log to a postgre or mysql database. You can then write some php to pull all the data from the db and display it on a page.

I actually already have some php scripts written for them. if you are interested....

Then their is http://www.demarc.com

Demarc is really nice, and cake to install, you just need a machine w/o a web+sql server because the default install drops them in for you. It's not free for commercial use though..

Thanks for all of your help. I will go download them now.

Is Big Brother anygood !!

If you are talking about the BB that can be found at http://www.bb4.com then yes it is very good. It's not an IDS though, it's a network monitoring system.

--jeremy

turnip thanks for the link to demarc's puresecure, it works great. I was setup in less than 20 mins.
Regards, neo

To piggyback on this discussion. I'm looking for the same solution for my home network that consists of a w2k server and linux server ver7.3 also w/dsl. I attempted to install the win version of puresecure on my w2k web server running apache/mysql & php. the install went good until I went to start the service. Afterwards it gave me the following:
PureSecure Installation and Setup complete.
You will need to map the following virtual paths to their installation paths in your IIS webserver before you can login to the PureSecure Console:
/Demarc -> c:\PureSecure\console\cgi
/dm_images -> c:\PureSecure\console\images

/Demarc should have "Scripts and Exectubales" enabled, but *no* "Read" permission.
/dm_images should have "Read" permissions, but no "Execute" permissions.

The first problem is that I'm running Apache instead of IIS, and all of those services are stopped. So I'm assuming I'll need to modify the httpd.conf file, but I'm not how to.

Can anyone assist with this? Since I wasn't using the linux server as a web server I wasn't sure about installing it there. So I placed it on my web server, which just happens to be w2k. Anyone know if running this on a standalone linux server that won't be running as a web server will be a problem?

Any response is appreciated...

Sorry mate, can't help you on this one, I installed puresecure on linux side, I did what I was told to do - removed my current apache (backed up everything of course), removed MySQL ( I didn't even used that before, it was there for "later" use), ran ./configure script for PureSecire, it installed everything, upgraded openssl - it tends to install openssl version which is a little bit outdated, and now I have a fully functional (almost) IDS, gotta work some rules for snort though - whenever I go on the net and fire up my browser to surf the net I am getting a port scan alert in my logs telling me that my IP has port scanned whoever I point my browser to, LQ, etc.