> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> elg3ne@xxxxxxxxxx
> Sent: Tuesday, December 06, 2005 12:59 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Best Linux Intrusion Detection System
>
> Hi guys, I know this is off topic but since Iptables is a
> security tool, I will ask this question with regards also on security.
>
> Here it goes.
> 1. What is the most commonly used LIDS system?
> 2. What is the best LIDS?
> 3. What is the most sophisticated LIDS?
> 4. What is the easiest to set up?
> 5. What LIDS can you suggest on CentOS?
>
> thanks

The Focus-IDS group (www.securityfocus.com) is a better place for such questions. However, since I replied:

1. Probably Snort (www.snort.org) but I'm not positive. Snort is a NIDS, of course, so if you are looking for HIDS then I couldn't tell you (Tripwire maybe).
2. Depends on what you want. Snort is an excellent NIDS, once you understand how to use it and turn off some rules which produce tons of false positives.
3. Sophisticated? Dresses better, more feature bloat, slicker interface?
4. I'd spend the time understanding what's going on before worrying about how easy an IDS is to set up.
5. Don't use it, so can't.

Derick Anderson