Re: Intrusion detection tools

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Portsentry with its logfiles is additional to Tripwire

----- Original Message -----
From: Bob Smith <bob@xxxxxxxxxx>
Date: Sat, 18 Sep 2004 08:00:41 -0600 (MDT)
To: "Aasef Iqbal" <aneedz@xxxxxxxxx>,"General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
Subject: Re: Intrusion detection tools

> This topic is a actually pretty large one.  The Software Engineering
> Research Laboratory at the University of Colorado created a platform
> based on their Siena project to make an event notification scheme available,
> but it was the agents that detected it that were very specific to each
> system.  And since every OS is different, it's not likely that there's a
> one stop answer.
> 
> Tripwire is certainly one point to look at, but the messages, particularly
> on a large file system, will be numerous, and you'll need to create
> a filter to find specific events.
> 
> Also, you can write a couple of shell scripts, which I was planning on
> doing myself, to look at the /var/log/messages, /var/log/maillog and
> the related FTP and HTTP log files to check on activities that are
> questionable. For example, you can do quick greps for "authentication
> failure" messages.
> 
> I'm sure there's probably packages out there that are more robust, and
> you might try checking some of the internet security sites for ideas
> and toolkits.
> 
> -Bob
> 
> 
> > hi, I need to setup an intrusion detection system, where I can see
> > user activities like failed attemps, file modified by the user etc. I
> > was thinking of TRIPWIRE but it only checks files integrity not the
> > user attempts.
> >
> > Any comments
> >
> > Asif
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
_____________________________________________________________
Web-based SMS services available at http://www.operamail.com.
>From your mailbox to local or overseas cell phones.

Powered by Outblaze


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux