Stefan Keller
Sun, 12 Mar 2000 11:45:27 -0800
Hi there.. as things are ready to explode again, here's a thought... (tataaa!! *smile*)

How about putting together a distributed IDS system based on Trinux (with snort plus perl scripts)? Here's what I'd imagine:

<story>
Somewhere within company A a network starts to seriously act up. "What's going on?", thinks our security person, and asks a fellow colleague to feed some laptop with the Trinux floppy set he mailed him a few weeks ago.

After booting up, the Trinux box will scan the local network and try to profile its environment, configure itself a snort ruleset and start gathering data with snort (http://www.clark.net/~roesch/security.html - now with strikeback and database support!).

Our sensor will send its data back (encrypted) to a management server (on the security person's desktop) using either encrypted mail or ssh. Alternatively: our sensor will log its data to a local hard drive.

Would be nice if our security person could log into the sensor using ssh and change things to his liking.. =) (We might assume that the fellow colleague is an NT guy and has no clue about Unix..)
</story>

What would we need in Trinux?

- an updated snort package
- some perl scripts to do the environment profiling, to send data around and such..
- nmap (we have that one, need it for the profiling)
- a sshd package (preferably the OpenSSH server [*free!*]) (alternatively, stunnel.. [there's actually a stunnel package])
- a .. *cough*.. pcmcia package for glibc

....what else?

Does anyone else feel that this is a worthwhile idea? Would someone like to take the helm?

Stefan

-------

Matthew, what should the development platform look like? (How can I get a RedHat 6.0 to fit these requirements?)

[EMAIL PROTECTED] wrote:
>
> For those of you that have been wondering...
>
> Trinux was never dead, only in a coma. It is finally beginning to stir.
>
> The Trinux development team has relocated to Austin and had a strategic
> planning meeting yesterday at the local pho-house. The lab is nearly
> operational. All I need now is a fresh box o' floppies. Look for things
> to start heating up again. There is a lot of catching up to do.
>
> -mdf
>
> *_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*_*
>
> For version 0.6x
> ----------------
>
> Updated packages:
> - Nmap 2.3beta14
> - Ngrep 1.37
>
> New Packages:
> - Zombie Zapper (FYI: Simple Nomad rulez...)
> - Nstreams 0.99.3 (so does Renaud D... of Nessus fame)
>
> ftp://ftp.trinux.org/pub/trinux/packages/latest/
>
> I have not tested these yet, I'm assuming my build scripts still work ;)
>
> If there are any other cool tools besides etherape that you are dying to
> see, drop me a note.
>
> And if there is anyone in the Austin/Central Texas area that might be
> interested in getting involved, let me know.
>
> -mdf
>
> ------------------------------------------------------------------------------------
> www.trinux.org hosted by The Vnode Connector Services
> www.vnode.com *** Special Discounts For Trinux Users
> *** Email [EMAIL PROTECTED]
> ------------------------------------------------------------------------------------
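The sensor bootstrap Stefan sketches above (scan the local segment with nmap, profile what answered, build a snort ruleset from that, ship the logs back over ssh) as an added shell example. This is not Trinux, Snort or nmap code and was not posted in the thread. It assumes nmap's grepable output format (-oG: one "Host:" line per host with a "Ports:" field of port/state/proto/owner/service/rpc/version entries) and the Snort 1.x config grammar (var, bracketed IP lists, alert rules with msg/content/nocase); the hosts in SAMPLE_GNMAP, the rule contents and the ship_logs destination are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the Trinux/Snort/nmap projects or from this thread.
# The sensor profiles its own segment with nmap, then generates a snort config
# whose HOME_NET and server lists come from what actually answered, so only
# rules for services that really exist on the segment get loaded.
#
# Assumptions: nmap grepable output (nmap -oG -) and Snort 1.x config grammar.
# Constructed sample scan (no real hosts). A real run would be something like:
#   nmap -sT -p 21,22,23,25,80,110,139,445 -oG - 192.168.1.0/24
SAMPLE_GNMAP=$(printf '%s\t%s\t%s\n' \
  '# Nmap 2.x grepable output (constructed sample)' '' '' \
  'Host: 192.168.1.1 ()'  'Ports: 22/open/tcp//ssh///, 80/open/tcp//http///' 'Ignored State: closed (998)' \
  'Host: 192.168.1.10 ()' 'Ports: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///' 'Ignored State: closed (998)' \
  'Host: 192.168.1.20 ()' 'Status: Down' '' \
  'Host: 192.168.1.30 ()' 'Ports: 25/open/tcp//smtp///, 80/open/tcp//http///, 23/filtered/tcp//telnet///' 'Ignored State: closed (997)')

# Hosts with at least one open port, in scan order, one IP per line.
live_hosts() {
    awk '$1 == "Host:" && /Ports:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+\//) {
                    split($i, f, "/")
                    if (f[2] == "open") { if (!seen[$2]++) print $2; break }
                }
         }'
}

# Hosts with TCP port $1 open (filtered/closed entries are ignored).
hosts_with_port() {
    awk -v want="$1" '$1 == "Host:" && /Ports:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+\//) {
                    split($i, f, "/")
                    if (f[1] == want && f[2] == "open" && f[3] == "tcp" && !seen[$2]++) print $2
                }
         }'
}

# Join stdin lines into a snort IP list: a, b, c -> [a,b,c]; empty input -> []
as_list() {
    awk 'BEGIN { printf "[" } NR > 1 { printf "," } { printf "%s", $0 } END { print "]" }'
}

# Build a snort config from a grepable scan on stdin.
gen_snort_conf() {
    scan=$(cat)
    home=$(printf '%s\n' "$scan" | live_hosts | as_list)
    http=$(printf '%s\n' "$scan" | hosts_with_port 80 | as_list)
    smtp=$(printf '%s\n' "$scan" | hosts_with_port 25 | as_list)
    smb=$(printf '%s\n' "$scan" | hosts_with_port 139 | as_list)

    printf '%s\n' '# snort.conf generated from the local nmap profile'
    printf '%s\n' "var HOME_NET $home"
    printf '%s\n' 'var EXTERNAL_NET !$HOME_NET'
    printf '%s\n' "var HTTP_SERVERS $http"
    printf '%s\n' "var SMTP_SERVERS $smtp"
    printf '%s\n' "var SMB_SERVERS $smb"
    # Telnet from outside towards anything alive on the segment is always worth a look.
    printf '%s\n' 'alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"TELNET into sensor segment";)'
    # Service rules only where the service was actually seen: a segment with no
    # web server should not carry (or false-alarm on) web rules.
    if [ "$http" != "[]" ]; then
        printf '%s\n' 'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB traversal attempt"; content:"../"; nocase;)'
        printf '%s\n' 'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB /etc/passwd request"; content:"/etc/passwd"; nocase;)'
    fi
    if [ "$smtp" != "[]" ]; then
        printf '%s\n' 'alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP expn root"; content:"expn root"; nocase;)'
    fi
    if [ "$smb" != "[]" ]; then
        printf '%s\n' 'alert tcp $EXTERNAL_NET any -> $SMB_SERVERS 139 (msg:"NETBIOS session from outside HOME_NET";)'
    fi
}

# Ship whatever snort logged back to the console over ssh (the "encrypted to the
# management server" path). Destination is hypothetical; not run by the demo.
#   ship_logs secadmin@console.example.net /var/log/snort
ship_logs() {
    tar cf - -C "$2" . | ssh "$1" "cat > sensor-$(hostname)-$(date +%Y%m%d%H%M).tar"
}

# Stand-alone demo: profile from a scan file given as $1, else from the sample.
if [ -n "$1" ]; then gen_snort_conf < "$1"; else printf '%s\n' "$SAMPLE_GNMAP" | gen_snort_conf; fi
```

Run it as `nmap -sT -oG - 192.168.1.0/24 | sh profile.sh /dev/stdin > snort.conf` (or feed the saved -oG file) and point snort at the result; the sensor then only alerts on protocols that exist on the segment it was dropped into, and the admin can still log in over sshd and hand-edit the generated file.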