On Mon, Jan 22, 2001 at 09:31:27AM -0500, Dan Hutchinson wrote:
>
> I would also like to help if possible. I haven't loaded an IDS software
> specific for Debian and most my Apps are on commercial property O/S,
> ie. Sun, HP, and Microsoft. What IDS are you playing with, or are you
> just modifying the kernel?

Both! LIDS patches the kernel to prevent anyone (including root) from doing bad things like modifying binaries, deleting log entries etc. It is completely different to the usual Network Intrusion Detection Systems, although it does include crude port-scan detection. Snort does a much better job at that.

I probably should have included a URL: http://www.lids.org/

The patch for 2.4.0 is looking very new and rough right now, but this could be a really cool addition to Debian in the long term. This doesn't look very easy to package, but it would be great if there was some sort of debian-lids howto. If no one else wants to I'll have a go, but first I have to get it working!

>
> Dan

Oh yes: a huge apology to everyone for stuffing up the date before. It is a looong story, but for now I'll blame it on lids ;-)

--

