Portsentry with its logfiles is additional to Tripwire

----- Original Message -----
From: Bob Smith <bob@xxxxxxxxxx>
Date: Sat, 18 Sep 2004 08:00:41 -0600 (MDT)
To: "Aasef Iqbal" <aneedz@xxxxxxxxx>, "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
Subject: Re: Intrusion detection tools

> This topic is actually a pretty large one. The Software Engineering
> Research Laboratory at the University of Colorado created a platform
> based on their Siena project to make an event notification scheme available,
> but it was the agents that detected it that were very specific to each
> system. And since every OS is different, it's not likely that there's a
> one stop answer.
>
> Tripwire is certainly one point to look at, but the messages, particularly
> on a large file system, will be numerous, and you'll need to create
> a filter to find specific events.
>
> Also, you can write a couple of shell scripts, which I was planning on
> doing myself, to look at the /var/log/messages, /var/log/maillog and
> the related FTP and HTTP log files to check on activities that are
> questionable. For example, you can do quick greps for "authentication
> failure" messages.
>
> I'm sure there are probably packages out there that are more robust, and
> you might try checking some of the internet security sites for ideas
> and toolkits.
>
> -Bob
>
> > hi, I need to set up an intrusion detection system, where I can see
> > user activities like failed attempts, file modified by the user etc. I
> > was thinking of TRIPWIRE but it only checks files integrity not the
> > user attempts.
> >
> > Any comments
> >
> > Asif
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
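
The "quick greps for authentication failure" idea from the quoted reply, taken one step further as an added example that is not part of the original thread: instead of listing raw matches, it counts failures per remote host and target user so repeated attempts stand out. The function names `auth_failures` and `sample_log` are hypothetical, and the sample lines are constructed in the pam_unix syslog style, using documentation-range addresses.

```shell
#!/bin/sh
# Added example: summarise "authentication failure" lines from syslog-style logs.
# auth_failures and sample_log are hypothetical names, not from the thread.

# Usage: auth_failures MIN [FILE...]   (reads stdin when no FILE is given)
# e.g.   auth_failures 5 /var/log/messages
# Prints "count rhost user" for each pair with at least MIN failures,
# highest count first.
auth_failures() {
    min=$1; shift
    awk -v min="$min" '
        /authentication failure/ {
            rhost = ""; user = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^rhost=/)     rhost = substr($i, 7)
                else if ($i ~ /^user=/) user  = substr($i, 6)
            }
            # Local failures (su, console login) carry an empty rhost=.
            if (rhost == "") rhost = "-"
            if (user == "")  user  = "-"
            count[rhost " " user]++
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k
        }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (not real log data).
sample_log() {
    cat <<'EOF'
Sep 18 07:58:01 gw sshd(pam_unix)[2101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Sep 18 07:58:05 gw sshd(pam_unix)[2103]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Sep 18 07:58:09 gw sshd(pam_unix)[2105]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Sep 18 07:59:10 gw sshd(pam_unix)[2110]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.7  user=bob
Sep 18 08:00:02 gw su(pam_unix)[2120]: authentication failure; logname=asif uid=500 euid=0 tty= ruser=asif rhost=  user=root
Sep 18 08:00:30 gw sshd(pam_unix)[2125]: session opened for user bob by (uid=0)
EOF
}

# Stand-alone run: show every pair seen at least once in the sample.
sample_log | auth_failures 1
```

A threshold of 1 lists every failing pair; raising it filters out one-off typos and leaves the repeated attempts.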