Re: [CentOS] Intrusion Detection Systems

2007-09-30 Thread Lanny Marcus
On 27 September 2007, John Hinton [EMAIL PROTECTED] wrote: Message: 50 Date: Thu, 27 Sep 2007 03:13:00 -0400 snip WOW! I just did an install of OSSEC on a couple of servers and so far I'm very impressed. First, the installation was as good as anything John: Sounds like you are very pleased

Re: [CentOS] Intrusion Detection Systems

2007-09-30 Thread John Hinton
Lanny Marcus wrote: On 27 September 2007, John Hinton [EMAIL PROTECTED] wrote: Message: 50 Date: Thu, 27 Sep 2007 03:13:00 -0400 snip WOW! I just did an install of OSSEC on a couple of servers and so far I'm very impressed. First, the installation was as good as anything John: Sounds

Re: [CentOS] Intrusion Detection Systems

2007-09-30 Thread Les Bell
John Hinton [EMAIL PROTECTED] wrote: I did look at snort and actually some people run both snort and OSSEC. I don't remember the reasons. Simply put, they're different things. Snort is a network IDS which examines network traffic packets, looking for the signatures of various attacks. OSSEC

Re: [CentOS] Intrusion Detection Systems

2007-09-27 Thread John Hinton
Stephen John Smoogen wrote: On 9/26/07, John Hinton [EMAIL PROTECTED] wrote: Situation: We are providing hosting services. I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs.

[CentOS] Intrusion Detection Systems

2007-09-26 Thread John Hinton
Situation: We are providing hosting services. I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too

Re: [CentOS] Intrusion Detection Systems

2007-09-26 Thread Mark D. Foster
John Hinton wrote: ... There does seem to be flexibility among these three systems in having the ability to monitor just about any log system and take action based on failed logins for instance. So, what's the word from the list? Pros, cons or other directions? I've always been rather fond of

Re: [CentOS] Intrusion Detection Systems

2007-09-26 Thread Stephen John Smoogen
On 9/26/07, John Hinton [EMAIL PROTECTED] wrote: Situation: We are providing hosting services. I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We