Remember that a HIDS (host IDS) is just a detective control on the
host. It shows that you have been hacked; you will probably want a
good NIDS (network IDS) to see what attacks are being attempted over
the wire.
HIDS is good to quickly detect a compromise...
http://sourceforge.net/projects/aide
http://packages.debian.org/search?keywords=aide
On Jun 3, 2009, at 9:55 AM, Boyd Stephen Smith Jr. wrote:
In <[email protected]>, john wrote:
On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha <[email protected]> wrote:
I'm surprised more people aren't running tripwire or other IDS.
I'd be interested to hear some recommendations for IDS to run on
internet facing servers.
I inherited a tripwire installation at some point. It was one mail message
per day (and if you didn't get that message you knew something was wrong).
It required a bit of tuning to not report errors regularly, but once I spent
that time it was fairly hands-off.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
[email protected] ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/