On 1/30/2017 8:46 PM, Dan Ritter wrote: > Obvious implementation methods:
If you're kicking off (semi-)unauthorized users and notifying on those actions then you're doing intrusion detection. You could use OSSEC but this might be overkill for the specific task. You could do a clumsy IDS with the Linux user auditing tools (psacct) and query the auditing information from... I dunnow... maybe a Nagios plugin or a Splunk query. -- \m/ (--) \m/ _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
