LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 03-21-2002, 10:29 PM   #1
X11
Member
 
Registered: Dec 2001
Location: Brisie, Australia
Distribution: Slackware 8.1
Posts: 324

Rep: Reputation: 30
Security Toolkit


Before I get my linux box ready to go out on the net (I'm using Windoze 98 at the moment with a firewall running). Which tools should I use on my linux box for each of the following categories, with an explanation of why you recommend it:

1) Intrusion Detection
2) Trojan Detection
3) File Integrity Checkers
4) Vulnerability Checkers

NOTE: I've already made my decision on the firewall that I'm going to use.

Although I still gotta study up on how to set it up properly, rather than just trusting other people's scripts without knowing what some of the functions in the script do.
 
Old 03-22-2002, 01:32 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
1) Snort. It's a rule and signature based packet filter (not some port connector tripwire like Portsentry), has good performance and is under active development. Refresh rules regularly.
2) Chkrootkit, some MTA filter like procmail, milter, and antivirus software. Chkrootkit is the only app known to me that tries to detect a wide range of trojaned binaries by looking for unusual stuff (dirs like ./puta, ./adm) and string fragments from known trojans. Of course that's only for *known* trojans. Stay on top by subscribing to some mailing lists. If you're serving for Wintendo boxes you might want to add some AV software to comb through up/download dirs, personal dirs and mailspools. Currently I'm using McAfee's uvscan and the Romanian RAV. For detecting spam, malware and other "jokes" during delivery I use some procmail filters.
3) Aide, Samhain or Tripwire. Personally I like Aide, it's easy to configure and flexible, using different algorithms and detecting MAC times. Don't forget to save your databases on read-only media.
4) Local: COPS or Tiger. Old, but could serve for basic SUID checking etc. Network: Nmap, Nsat, Nessus and some tools for packet mangling etc. Nmap and Nessus are "Swiss army knives", the rest is (and should be) based on personal experience and needs, just use the stuff you're familiar with.

Some sidenotes.
Personally I like the GRSecurity kernel patch for taking away LINUX_CAPABILITIES (caps intended) like not being able to load modules after startup, fork bomb control, and kernel access and user restrictions; you could also look into Lcaps, LIDS, LOMAC or RBAC, stackguard. Before manually inspecting and compiling tarballs I comb the source over with flawfinder. Being able to chroot services and run them from a non-root account can enhance security. Some apps will chroot themselves (BIND for instance), some apps need help. Personally I use rootjail for automation, and then tweak the chroot manually.

HTH somehow.
 
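Added example (editor's code, not from the thread and not part of AIDE, Tripwire or COPS): a minimal file-integrity baseline in POSIX shell showing what the checkers in point 3 actually record (a content hash plus mode, owner, group and mtime per file) and how a later comparison reports added, removed and changed files, distinguishing a content change from a metadata-only change such as a chmod. It also includes a COPS/Tiger-style SUID listing from point 4. Assumptions: GNU coreutils (sha256sum, stat -c, find); the record layout "hash mode uid gid mtime path" is this script's own choice, as are all function names.

```shell
#!/bin/sh
# Added example, not code from the thread or from AIDE/Tripwire/COPS.
# Assumes GNU coreutils (sha256sum, stat -c, find). Record layout:
#   hash mode uid gid mtime path
# Paths containing newlines are not handled (neither is the read loop).

# Emit one baseline record per regular file under the directory in $1.
fim_baseline() {
    find "$1" -type f -print | sort | while IFS= read -r f; do
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        meta=$(stat -c '%a %u %g %Y' "$f")
        printf '%s %s %s\n' "$hash" "$meta" "$f"
    done
}

# Compare a saved baseline ($1) against the live tree ($2). Prints nothing
# when nothing changed. Keep the baseline on read-only media: an attacker
# who can rewrite it can also hide a trojaned binary from this check.
fim_compare() {
    base=$1 dir=$2
    cur=$(mktemp) || return 1
    fim_baseline "$dir" > "$cur"
    awk '
        # strip the five fixed fields; the remainder is the path (spaces allowed)
        function pathof(line,    i) { for (i = 1; i <= 5; i++) sub(/^[^ ]+ /, "", line); return line }
        NR == FNR { p = pathof($0); old[p] = $0; oldhash[p] = $1; next }
        {
            p = pathof($0)
            if (!(p in old)) { print "ADDED " p }
            else {
                if (old[p] != $0)
                    print "CHANGED " (oldhash[p] != $1 ? "content" : "metadata") " " p
                delete old[p]
            }
        }
        END { for (p in old) print "REMOVED " p }
    ' "$base" "$cur" | sort
    rm -f "$cur"
}

# COPS/Tiger-style local check: every set-uid regular file under $1.
fim_suid_list() {
    find "$1" -type f -perm -4000 -print | sort
}
```

Usage is the same two-step routine the real tools follow: take the baseline while the box is still known-clean (for example `fim_baseline /usr/bin > baseline.db`), store it somewhere the machine cannot write to, and later run `fim_compare baseline.db /usr/bin` from a trusted copy of the script. A content change on a binary that was not upgraded is the classic trojan signal; a metadata-only change (new mode, owner or mtime) is what the MAC-time checks in Aide are there to catch.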
Old 03-22-2002, 11:34 PM   #3
X11
Member
 
Registered: Dec 2001
Location: Brisie, Australia
Distribution: Slackware 8.1
Posts: 324

Original Poster
Rep: Reputation: 30

Thanks a lot unSpawn
 
Old 03-25-2002, 04:49 AM   #4
Barun kUMAR
LQ Newbie
 
Registered: Mar 2002
Location: New Delhi
Distribution: Red Hat 7.0
Posts: 1

Rep: Reputation: 0
Using COPS

Hi,
I am having some problems installing COPS on my Red Hat 7.0 system. When I run ./reconfig, I get a few errors specifying that certain files are missing. I am also running TIGER and it is running perfectly (I have not installed it though!!).

Could someone please help me with installation of COPS on Linux Red Hat 7.0??

Barun
 
Old 03-25-2002, 01:06 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Could you tell us what it's missing?
Maybe "./reconfig 2>&1 > err.log" and post it here. Also it's best to start a new thread when asking a question and not tack onto existing ones...
 
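One caveat on capturing that error log, as an added example (editor's code, not from the thread): the shell applies redirections left to right, so `2>&1 > err.log` first points stderr at the current stdout (the terminal) and only then moves stdout into the file, which means the "file missing" errors you want to post stay on screen. Writing the redirections the other way round (`> err.log 2>&1`) sends both streams to the file. The block below constructs a stand-in for ./reconfig (hypothetical output lines) and counts how many of its lines reach the log under each ordering.

```shell
#!/bin/sh
# Added example, not from the thread: why redirection order matters when
# capturing an install script's output. noisy_reconfig is a constructed
# stand-in for ./reconfig; its messages are invented for the demo.
noisy_reconfig() {
    echo "checking for perl... found"
    echo "error: file ./src/missing.c not found" >&2
}

# Count the lines that reach the log when the command is run with the
# redirection order named in $1. The subshell's own stdout is pointed at a
# second temp file standing in for the terminal, so anything that escapes
# the log is captured there instead of being printed.
lines_in_log() {
    log=$(mktemp) term=$(mktemp)
    case $1 in
        # 2>&1 binds stderr to the terminal first, then only stdout moves to the log
        stderr-first) ( noisy_reconfig 2>&1 > "$log" ) > "$term" ;;
        # stdout moves to the log first, then stderr is bound to wherever stdout now goes
        stdout-first) ( noisy_reconfig > "$log" 2>&1 ) > "$term" ;;
    esac
    grep -c . "$log"
    rm -f "$log" "$term"
}
```

With the stderr-first ordering the log holds only the one stdout line; with stdout-first it holds both, which is what you want when asking others to look at a failed configure run.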