Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi guys, I currently using Pfsense snort for IDS and IPS.
But I think the UI not really great and not easy to costume the rule.
I have google come up with a lots of options, I need input from who have been used IDS and IPS system.
Prefer open source, great user interface and easy custom rule
Really appreciate for all the input.
jag2000, thanks for the input. I will have a try in office lab.
Actually will used for office but really prefer open source because of budget.
If anyone have any other input really appreciate it.
*I'd like to point out that you're responsible for gauging responses (as the first didn't actually address your concerns and didn't give any reason for switching).
Quote:
Originally Posted by hermy7
If anyone have any other input really appreciate it.
Maybe you could clarify what
Quote:
Originally Posted by hermy7
great user interface
and what
Quote:
Originally Posted by hermy7
easy custom rule
mean to you. As for the latter most IDSes will initially see their rule set tuned to site specs (like why bother with IIS or Solaris sigs if you don't run them) and run automated rule management to reflect that (lots of command line tools available for which you don't need a user interface), so unless you're into crafting your own signatures or have specs changing dynamically why would you need easy rule customization in the first place...
System that have build in snort and build in analysts full packet web based snorby example smoothsec or security onion.
Considering of other people easy to used.
easy custom rule
any program that can help to create local rule just type requirement will automatically create snort rules.
Example filter for RED 5 traffic with specific parameter need to be excluded for security purpose.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
