> Given my servers, I won't prefer experimentation with it.
Indeed, if it ain't broke, don't fix it :-)

> How many people can I trust and how many of them can I control ?
We can't trust anyone.

> A bunch of people in a group can be trusted because I might know them in
> person but your idea of _distributed monitoring_ will also include
> unwanted folks.
Of course initially it has to start from within a closed group, ppl we
trust, but in case there are unwanted folks, would that make any
difference? I do believe there are more good ppl than bad ppl.

> And what are audit and reporting tools for ?
They are always there, and we cannot live without them, but with ref to my
previous mail, so many new users are shifting to GNU/Linux and if their
initial experience with GNU is difficult, we may not be able to retain
them for long. We can *always* tell them to RTFM, and do proper study, but
hey that is only possible in theory, "after reading a bunch of docs a
GNU/Linux system can not be made rock solid"

Many ppl will need third party confirmations to know that their system is
at least standable.

My point is, it is possible to do remote scanning, of the kind carried out
by bad ppl, and we try to find vulnerabilities, and we report them back
and not exploit them.
And also to do maybe routine checks for any change in services. And also
to point out possible configuration errors. A distributed system in which a
newbie knows **how to participate**. The community can help there. If some
ppl in the community are bad, the scale of the community will ensure that
the problem gets reported back, and maybe fixed, something like how FLOSS
works, how Free(dom) software works, share not sit on information and not
something like blacklisting the exploited system (that is what XBL and RBL
do). Blacklisting can be the last option.

You can find so many ppl around who have no idea why their mail servers
are not able to send mail to yahoo/ rediff/ hotmail etc etc.

> On my servers logcheck informed me that they were being hit badly by some
> script kiddies who were continuously polling on port 22.
> Four iptables rules and it got done.

How many IPs can we block, especially when the kiddo is maybe using a
dynamic IP address? And can the newbie do that? On the other hand this
distributed system can be used to feed or act as a black list, that can
change dynamically, maybe against DDoS as well.

Of course all of this is just an idea and needs work/ improvements.
And as you suggested still workable on a smaller scale.


_______________________________________________
linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help
