Sorry - did not mean to sound Ape-ish :-)
I am pretty easy to get along with - or so I hope.
I think you're right.
I thought snort was in there as a package - but sure enough - it's not.
Seems it dropped out.
Sadly I can't find the pkg to include.
Let's go back to the original question - and maybe we can figure out
what software is there already to do this.
We have roughly 20 or so servers - multiple subnets etc
Each runs cPanel
On cPanel they use CSF/LFD from www.ConfigServer.com
CSF is a basic frontend for iptables. LFD is the brute force
detection. - CSF/LFD is actually 1 free product however.
The way this system works is - the LFD will write to a log file -
called deny.txt
I am thinking a central system that pulls from each of the cPanel
servers' deny.txt file and parses out the IPs
and then writes them to a log which gets sent over to the PFSense
server and PF can then deny would be an excellent add on.
Push / Pull - your advice is greatly appreciated.
If you have a solution that would work here - like SnortSAM - I am all
for it.
In fact when looking @ SnortSam it is kinda doing what I am suggesting.
The difference is - if something goes through snort - the local system
is catching it... and therefore it is still protected in this other
scenario.
:-)
Figured if we chat about it - we can come up with something an entire
community can use -
I am all for debate - if it makes a better product for the community
Back to the Zoo -
Glenn
On Sep 23, 2008, at 12:16 PM, RB wrote:
ke re-inventing SnortSam; maybe you
guys should look into it before chasing the bounty road too far.
Packaging existing software will always be cheaper than reinventing
the wheel with a new script.
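
The aggregation step proposed in the message above (pull each server's deny file, parse out the addresses, write one list for the firewall), as an added example that is not code from the thread, from CSF/LFD, or from pfSense. The `address # comment` line format, the never-block list, the prefix limits and the one-entry-per-line output are assumptions; the sample feeds are constructed.

```python
import ipaddress

# Constructed sample input: deny files as pulled from two servers.
# The "address # comment" line format is an assumption, not from the thread.
SAMPLE = {
    "cpanel01": "# header\n203.0.113.7 # lfd: failed SSH logins\n"
                "198.51.100.0/24 # manual\n",
    "cpanel02": "203.0.113.7 # lfd: failed FTP logins\n10.1.2.3 # lfd: POP3\n"
                "not-an-ip\n0.0.0.0/0 # typo\n2001:db8::5\n",
}

# Hypothetical never-block list: our own subnets and the firewall itself,
# so one server's bad entry cannot cut off the other servers.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.1/32")]
MIN_PREFIX = {4: 16, 6: 32}  # assumed limit: refuse anything wider than this


def parse_deny(text):
    """Yield (network, None) or (None, reason) for each entry line."""
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            yield None, f"unparseable: {entry!r}"
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            yield None, f"too broad: {net}"
        elif any(net.version == ok.version and net.overlaps(ok)
                 for ok in NEVER_BLOCK):
            yield None, f"overlaps never-block list: {net}"
        else:
            yield net, None


def merge(feeds):
    """Return (deduplicated blocklist lines, rejected entries) for {server: text}."""
    seen, rejected = set(), []
    for server, text in sorted(feeds.items()):
        for net, reason in parse_deny(text):
            if net is None:
                rejected.append((server, reason))  # keep for review, never block
            else:
                seen.add(net)
    ordered = sorted(seen, key=lambda n: (n.version, n))
    return [str(n) for n in ordered], rejected
```

Rejected entries are returned rather than silently dropped, so a malformed or overly broad line on one server shows up for review instead of reaching the firewall.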