Hi! john schrieb:
> I'd be interested to hear some recommendations for IDS to run on > internet facing servers. Especially from the point of view of ease of > installation, ease of maintenance, quality of the tool, and ability to > have it deliver really useful information to the admin. I've used > SNORT a bit in the past and my feeling was that it was so chatty that > it was actually hard to tell if something bad was happening or not. Don't think it really counts as IDS, but I like to use tiger and rkhunter. They perform some checks on the system on a regular basis. That is not a really good protection against unauthorized access (well; it might catch stupid cracker ;) but at least it helps to protect the systems from myself, e.g. when I tweak some configuration option during a maintenance task in an insecure manner (e.g. allow root login via ssh until I'm finished setting up the system) tiger will remind me to reset the save values :) Best regards, Alexander -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
