If you have found DShield you may also be interested in http://www.mynetwatchman.com which also aggregates intrusion information and escalates this to the relevant ISP with some success.
I know that MyNetWatchman fits into SME very easily as I did this a few days ago.

Note: This worked for me, but it is not yet the 'correct' way to do it, and I may have missed something out :( Please comment, as I know that I have much to learn.

A brief description is:

Register on the site first (free, and very quick)

Download the Perl agent from http://www.mynetwatchman.com/downperl.htm
The current version is v1.12 and you can use the RPM on that page
http://www.mynetwatchman.com/downloads/mnwclient-1.12-1.noarch.rpm

Install the RPM (rpm -Uvh *)

Now as the SME installation is a little non-standard there are a few things to tidy up before it will work.

Make a link in /etc/rc7.d to start the client on startup

    ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S86mnwclient

Edit the configuration file (in your favourite editor, pico/vi whatever)

    pico /etc/mnwlient.rc

    chain denylog
    interface eth1

(change the account details to match those you registered)

Start the service

    /etc/init.d/mnwclient start

After a while you should see entries in /var/log/mnwclient.log like the one below

    May 18 06:49:35 mnwclient[3888]: upload 1 event(s) from 61.33.85.100:39808 to 80.4.25.167:21/tcp successful.

As the client works on checking /var/log/messages it will only pick up intrusions if you log them, so from the FAQ

To change the level of logging:

    /sbin/e-smith/db configuration setprop masq Logging most
    /sbin/e-smith/signal-event remoteaccess-update

Denied packets will now be logged to the system log. (/var/log/messages)

regards
Ian

----- Original Message -----
From: "Thor Anthrax" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Friday, May 17, 2002 5:18 AM
Subject: [e-smith-devinfo] Dschield

> I just found the homepage of Dshield (http://www.dshield.org/). Could this
> be implemented in SME?
>
> Thor
>
>
> --
> Please report bugs to [EMAIL PROTECTED]
> Please mail [EMAIL PROTECTED] (only) to discuss security issues
> Support for registered customers and partners to [EMAIL PROTECTED]
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
>
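Added example (not part of the original post, and not code from the mynetwatchman client): a Python check over /var/log/mnwclient.log that confirms uploads are happening and tallies the reported events by source address and targeted service. The line format is taken from the single sample line in the post; the optional hostname field, the sample lines after the first, and the name summarize are assumptions.

```python
import re
from collections import Counter

# Format taken from the one sample line in the post. The optional syslog
# hostname field is an assumption; any other message shape is left unparsed.
UPLOAD_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} (?:\S+ )?mnwclient\[\d+\]: "
    r"upload (?P<n>\d+) event\(s\) from (?P<src>[\d.]+):\d+ "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+)/(?P<proto>\w+) successful\.$"
)

# First line is the one quoted in the post; the rest are constructed samples
# using documentation address ranges.
SAMPLE_LOG = """\
May 18 06:49:35 mnwclient[3888]: upload 1 event(s) from 61.33.85.100:39808 to 80.4.25.167:21/tcp successful.
May 18 07:02:11 mnwclient[3888]: upload 3 event(s) from 192.0.2.44:4021 to 203.0.113.7:21/tcp successful.
May 18 07:15:40 mnwclient[3888]: upload 2 event(s) from 192.0.2.44:4188 to 203.0.113.7:111/udp successful.
May 18 07:16:02 mnwclient[3888]: some other message
"""


def summarize(lines):
    """Tally uploaded events by source address and by targeted service."""
    events = 0
    by_source, by_service = Counter(), Counter()
    unparsed = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = UPLOAD_RE.match(line)
        if m is None:
            # Anything that is not a successful upload (the post does not
            # show what a failure looks like) is kept for manual review.
            unparsed.append(line)
            continue
        n = int(m["n"])
        events += n
        by_source[m["src"]] += n
        by_service[f'{m["dport"]}/{m["proto"]}'] += n
    return {"events": events, "by_source": by_source,
            "by_service": by_service, "unparsed": unparsed}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print("events uploaded:", report["events"])
    print("top sources:", report["by_source"].most_common(5))
    print("top services:", report["by_service"].most_common(5))
    print("lines needing review:", len(report["unparsed"]))
```

A log with no matching lines after the agent has been running for a while usually means denied packets are not being logged to /var/log/messages, which is the logging-level change described in the post.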
