[CentOS] Intrusion Detection

Fri Mar 5 07:15:25 UTC 2010
Bazy <bazy84 at gmail.com>

On Fri, Mar 5, 2010 at 12:02 AM, Dan Burkland <dburklan at nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland

Hello Dan,

For auditing your entire network for patches / vulnerabilities I
recommend you use Nessus. For server protection you can use tripwire
and clamav. Clamav can detect and block most rootkits and exploit
code, therefor the attacker will not be able to execute it.
Theoretically... :-)

Best regards,
Bazy