On Thu, Dec 13, 2001 at 09:44:17AM +0800, Mike Blancas wrote: > aside from snort, what IDS do you guys here in the list use?
I'm using LIDS out of the box. Engarde distro ships with it already configured. But this is a host-based IDS, not a network IDS such as snort. What I've seen it do so far is pull out root's fangs, prevent installation of programs, and hide directories and files. There's more it can do, I suppose. Haven't gotten around to taking it apart. You can read the FAQ on http://www.linuxsecurity.com/docs/HOWTO/LIDS_FAQ.html There's an article on the linuxsecurity site on another host-based IDS called SNARE. http://www.linuxsecurity.com/articles/intrusion_detection_article-4140.html Very good site. Lots of security resources. You might find other network IDS there. Cheers -- Benjamin Oris Jr. <[EMAIL PROTECTED]> ImagineAsia, Inc. http://www.imagineasia.com/ A Digital Animation Studio (632) 717 1111 loc. 222 _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
