hi eric
what are you trying to detect ???
- that someone logged in as root ???
    - use ~root/.bashrc and have it send you an email
      ( real time as you gonna get ... until they disable it )
- that someone is scanning your ports ???
    - use portsentry
- that someone is trying to get into your box
    - use logcheck, snort, aide, hacker_check.pl ( my version )
- that someone has changed your binaries/files
    - use tripwire, CheckSum.pl ( my version )
- that you can recover from a hacker...
    - use find to see what files are changed or added/deleted
    - have a "fresh" backup of your "important data":
    - system files are already on the initial cdrom
- that you have some exploitable vulnerabilities
    - run nmap, satan(newer version..forgot its name )
- save your log files...to a secure loghost server
have fun
alvin
http://www.Linux-1U.net ... 3 NIC 1U firewalls ...
On Fri, 6 Apr 2001, John Steniger wrote:
> Try snort. Very robust, very quick, very cool.
> www.snort.org
>
> John J. Steniger
>
>
>
> > -----Original Message-----
> > From: Eric N. Valor [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, April 06, 2001 2:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: Decent IDS?
> >
> >
> >
> > I'm looking for a decent IDS to use on a medium-security site (external
> > webserver). I've got ipchains rules set up on the system, but would like
> > to have something a little more real-time than just checking logs the next
> > morning. Freeware solutions would be preferable, and again this is a
> > medium-security requirement so I don't need anything too fancy.
> >
> > Since I'm sure this has been discussed on the list before (and let's face
> > it - holy wars suck), please send responses off-line.
> >
> > Thanks!
> > --
> > Eric N. Valor
> > [EMAIL PROTECTED]
> > Webmeister/Inetservices
> > Lutris Technologies
> > [EMAIL PROTECTED]
> >