On 09/03/2010 11:38 PM, Orion Vianna wrote:
> Things that I'm thinking of doing:
> - Install snort - network intrusion prevention and detection (I did
> this years ago but IIRC it used to generate many false alerts)
> Is there any good companion software for snort? Something that can
> digest snort's data and present it nicely formatted to me over email
> and/or web interface. This seems interesting
> http://sguil.sourceforge.net/index.html but I don't know if it provides
> email notifications.
> - install Nagios (IIRC it can send notifications when services are down)
> - Install munin for performance monitoring
> - change sshd port (is it worth the extra trouble?)
> - alerts for any type of terminal login (is this possible?)

One thing to remember, the bulk of break-ins to systems is via the web
application layer. Denyhosts (or equiv) plus just having reasonable
passwords secures your ssh vector, beyond that is getting overkill fast.
Focus should really be on securing your web apps. That means keeping on
top of security updates for those apps.
-Sean
--
__________________________________________________________________
Sean Dague Learn about the Universe with the
sean at dague dot net Mid-Hudson Astronomical Association
http://dague.net http://midhudsonastro.org
There is no silver bullet. Plus, werewolves make better neighbors
than zombies, and they tend to keep the vampire population down.
__________________________________________________________________