Linux - Security
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: RHEL, Fedora, Ubuntu, CentOS, Windows XP & Windows 7
intrusion detection system
Hi All,
I am currently working on CentOS 5.7 x64 OS.
My servers are in a DC, behind the firewall.
I want to set up an intrusion detection system in my network so that I come to know when someone tries to take, or takes, an unauthorized login on my server; clearly, hacking into my servers from an outside network.
We listed the IPs in "/etc/hosts.allow" which can SSH to the server, and have deny ssh=all in the "/etc/hosts.deny" file.
iptables rules are configured.
I want to set up an application that is open source (free) which can detect an attack or someone trying to take unauthorized access to my servers, if possible with a web interface to monitor activities.
If the above incident takes place, the application/tool should mail my team or send an SMS.
I searched for OSSEC, Snort and IDS tools. I read about them but am very confused about setting alert rules on them.
If someone has better suggestions, please let me know.
I want to secure my servers at a higher level.
Also, if possible, advise me on security for Linux servers and how I can secure my servers.
I am really interested in computer security and badly want to learn.
Have a look at the sticky threads at the top of this forum. The information on intrusion detection should be useful. The reason the information you have seen is complicated is that there are a lot of things to consider when securing your system initially and then maintaining your systems and their security.
What problems did you have with SNORT and the other things you tried? If you post more information there are people who will be able to help.
Quote:
Originally Posted by Rohant
I want to set up an application that is open source (free) which can detect an attack or someone trying to take unauthorized access to my servers, if possible with a web interface to monitor activities. If the above incident takes place, the application/tool should mail my team or send an SMS.
What services are exposed through the DC firewall? Only SSH or what else? What have you done to secure and harden these servers except the firewall and tcp_wrappers?
Quote:
Originally Posted by Rohant
I searched for OSSEC, Snort and IDS tools. I read about them but am very confused about setting alert rules on them.
Set up a host where you can test things out. (It doesn't have to be a hard disk installation: you could use virtualization like VMware, VirtualBox, QEMU, etc.) After reading the documentation, install the application and configure it. Test whether you can make it log an alert. If it doesn't work, feel free to ask specific questions, providing an account of the steps you took, configuration files, error output, log excerpts et cetera.
Quote:
Originally Posted by Rohant
Also, if possible, advise me on security for Linux servers and how I can secure my servers.
Quote:
Originally Posted by Rohant
I want to set up an intrusion detection system in my network so that I come to know when someone tries to take, or takes, an unauthorized login on my server; clearly, hacking into my servers from an outside network.
Upon reading this, the first thing that came to mind was getting to know your log files intimately. Understand what each of them do, how they are configured, and how different aspects of your system contribute to them. While this is undoubtedly covered in the intrusion prevention references, I think it bears special mention. In my opinion it is one of the most critical, active things you can do. As well as being the most often overlooked and ignored.
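The log-reading advice above, carried through as an added example that is not part of any post in this thread: a Python 3 script that reads sshd lines in the /var/log/secure format, counts failed passwords per source address, flags a source that crosses a threshold, flags the worst case of an accepted login from a source that had already crossed it, and notes tcp_wrappers refusals coming from hosts.deny. The sample log, the addresses, the threshold of 3 and the mail command in the usage comment are all assumptions made for the example. CentOS 5 ships Python 2.4, so run this from a newer host or adapt it.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the /var/log/secure format that sshd writes on CentOS 5.
# Hostname, users, timestamps and addresses are invented for this example.
SAMPLE_SECURE_LOG = """\
Nov 12 03:14:01 web01 sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 51022 ssh2
Nov 12 03:14:07 web01 sshd[2213]: Failed password for root from 203.0.113.9 port 40112 ssh2
Nov 12 03:14:09 web01 sshd[2214]: Failed password for root from 203.0.113.9 port 40113 ssh2
Nov 12 03:14:11 web01 sshd[2215]: Failed password for invalid user admin from 203.0.113.9 port 40114 ssh2
Nov 12 03:14:12 web01 sshd[2216]: Failed password for invalid user oracle from 203.0.113.9 port 40115 ssh2
Nov 12 03:14:15 web01 sshd[2218]: Accepted password for root from 203.0.113.9 port 40116 ssh2
Nov 12 03:14:20 web01 sshd[2219]: refused connect from 198.51.100.77 (198.51.100.77)
Nov 12 03:15:02 web01 sshd[2220]: Failed password for deploy from 10.0.0.5 port 51030 ssh2
Nov 12 03:15:05 web01 sshd[2221]: Accepted password for deploy from 10.0.0.5 port 51031 ssh2
"""

# "invalid user" is optional: sshd prints it only when the account does not exist.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
# A tcp_wrappers denial (hosts.deny) as logged by sshd.
REFUSED_RE = re.compile(r"sshd\[\d+\]: refused connect from (?P<ip>[\d.]+)")


def analyze_secure_log(text, threshold=3):
    """Walk the log once, in order, and collect what a team would want mailed."""
    failures = defaultdict(int)       # ip -> number of failed passwords
    failed_users = defaultdict(set)   # ip -> usernames tried
    brute_force = []                  # ips that reached the threshold, in order seen
    success_after_bruteforce = []     # (ip, user, method) accepted after reaching it
    refused = []                      # ips blocked by tcp_wrappers

    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            ip = m.group("ip")
            failures[ip] += 1
            failed_users[ip].add(m.group("user"))
            if failures[ip] == threshold:
                brute_force.append(ip)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            ip = m.group("ip")
            # The case that matters most: guessing worked. Only flag sources that
            # had already crossed the threshold, so a single typo is not an alert.
            if failures.get(ip, 0) >= threshold:
                success_after_bruteforce.append((ip, m.group("user"), m.group("method")))
            continue
        m = REFUSED_RE.search(line)
        if m:
            refused.append(m.group("ip"))

    return {
        "failures": dict(failures),
        "failed_users": {ip: sorted(u) for ip, u in failed_users.items()},
        "brute_force_sources": brute_force,
        "success_after_bruteforce": success_after_bruteforce,
        "refused": refused,
    }


def format_alert(findings):
    """Return the alert body, most severe first, or None when nothing is worth mailing."""
    lines = []
    for ip, user, method in findings["success_after_bruteforce"]:
        lines.append("CRITICAL: %s logged in as %s (%s) after %d failed passwords"
                     % (ip, user, method, findings["failures"][ip]))
    for ip in findings["brute_force_sources"]:
        lines.append("WARNING: %d failed passwords from %s, users tried: %s"
                     % (findings["failures"][ip], ip, ", ".join(findings["failed_users"][ip])))
    for ip in findings["refused"]:
        lines.append("INFO: tcp_wrappers refused sshd connection from %s" % ip)
    return "\n".join(lines) if lines else None


if __name__ == "__main__":
    # Pass a real file to scan it, e.g. from cron:
    #   python ssh_alerts.py /var/log/secure | mail -s "ssh alerts" team@example.com
    # (mail recipient and schedule are assumptions). With no argument, the sample runs.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SECURE_LOG
    body = format_alert(analyze_secure_log(text))
    if body:
        print(body)
```

Two things the sample shows that a raw count would not: the same address that tried root, admin and oracle then got an accepted root password, which is the line to page someone about, and the tcp_wrappers refusal, which only proves hosts.deny did its job and needs no more than an INFO line. Run it against a real /var/log/secure before trusting the regexes; the exact wording of sshd messages varies between versions.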