On Wed, 1 Nov 2000, Kurth Bemis wrote:
>> Does anyone know how to clean the Zombie off of their server?
>
> install AIDE - it's on freshmeat.  I did....and it's helped me a lot...

  It is worth stressing that, while an IDS (Intrusion Detection System) is a
great idea, it is not going to help you recover from a compromise if you
didn't have it set up beforehand.

  IDSes available include Tripwire, AIDE, and LIDS.

  Tripwire was one of the first, and has been very popular in commercial Unix
circles.  It recently went Open Source under the GPL, which surprised me; I
expected a more restrictive license.  http://www.tripwire.com is the
commercial home, http://www.tripwire.org is the Open Source home, and
http://sourceforge.net/projects/tripwire is the Open Source development home.

  AIDE stands for Advanced Intrusion Detection Environment.  It is (was?)
designed to be an Open Source replacement for Tripwire, and has some nice
features.  GPL.  http://www.cs.tut.fi/~rammer/aide.html

  LIDS (Linux Intrusion Detection System) is a bit more than just an IDS.  It
aims to actually make it harder for an attacker to subvert the system.  The
general idea is that you establish the system in the configuration you want,
and then use LIDS to freeze it in place, such that even the administrator
cannot modify the system without taking special actions (like booting from
removable media).  http://www.lids.org

  Note that I'm not endorsing any particular product here.  Evaluate and make
your own decisions.  :-)

  HTH,

-- 
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18   Fax: (978)499-7839

