On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha j...@lauricha.com wrote:
I'm surprised more people aren't running tripwire or other IDS.
I'd be interested to hear some recommendations for IDS to run on
internet facing servers. Especially from the point of view of ease of
installation, ease of
In 2be970b50906030853t29dfb90atd60089611f98e...@mail.gmail.com, john
wrote:
On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha j...@lauricha.com wrote:
I'm surprised more people aren't running tripwire or other IDS.
I'd be interested to hear some recommendations for IDS to run on
internet facing
Remember that a HIDS (host IDS) is just a detective control on the
host. It shows that you have been hacked; you will probably want a
good NIDS (network IDS) to see what attacks are being attempted over
the wire.
HIDS is good to quickly detect a compromise...
Quoting Boyd Stephen Smith Jr. (b...@iguanasuicide.net):
I inherited a tripwire installation at some point. It was one mail message
per day (and if you didn't get that message you knew something was wrong).
It required a bit of tuning to not report errors regularly, but once I spent
that
On Wed, Jun 3, 2009 at 5:53 PM, john lists.j...@gmail.com wrote:
I'd be interested to hear some recommendations for IDS to run on
internet facing servers. Especially from the point of view of ease of
installation, ease of maintenance, quality of the tool, and ability to
have it deliver really
On Wed, 2009-06-03 at 08:53 -0700, john wrote:
On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha j...@lauricha.com wrote:
I'm surprised more people aren't running tripwire or other IDS.
I'd be interested to hear some recommendations for IDS to run on
internet facing servers. Especially from the
I really like OSSEC. It's licensed under GPL V3. The agent runs on
multiple platforms. It's easy to install, relatively easy to configure.
The agent is a self-contained HIDS, rootkit detector, log and file
monitor.
It can also decode Snort, Cisco PIX/ASA, IPTables, and a whole lot of
other logs.
Hi,
If you run a large number of hosts, I suggest samhain.
You have many features built in (monitoring of files, system.map
altering, suid bits, appending only on log files etc.).
It works on a client-server model (a server that centralizes the hosts'
integrity database).
Communications are secure (AES for