Hello all,
I have been exploring the various intrusion detection systems available for the Linux platform and was wondering which ones you all would recommend. I have used AIDE before and while it is extremely easy to set up, it does not support the ability to send alerts as files are changed (which would allow one to be aware of an intrusion almost immediately).
Thank you,
Dan Burkland
On Thu, 2010-03-04 at 16:02 -0600, Dan Burkland wrote:
I don't remember my exact thought process, but I've been using "afick" from RPMforge for a few years now.
It does have a GUI available, though I don't use it myself.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Thu, Mar 4, 2010 at 5:02 PM, Dan Burkland <dburklan@nmdp.org> wrote:
You can use auditd to watch specific files if you're after some key things. Beyond that I just use aide.
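As an added example that is not part of Jim's reply or the original thread: the auditd approach he mentions, spelled out as a watch-rule fragment for the files an intruder usually touches, plus a small digest of the resulting audit records that a cron job can mail out. The watched paths, the "ids-*" keys, the rules file location and the sample audit.log lines are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not code from the thread): auditd file watches for the
# files an intruder usually touches, plus a digest of the resulting audit
# records that a cron job can mail out. Paths, the "ids-*" keys, the rules
# file location and the sample log lines are all assumptions.

# Rules fragment in auditctl(8) syntax: -w path, -p wa (write, attribute
# change), -k key. Append it to /etc/audit/audit.rules so it survives a
# reboot, or load it at once as root with: auditctl -R /etc/audit/ids-watches.rules
audit_rules() {
    cat <<'EOF'
-w /etc/passwd           -p wa -k ids-etc
-w /etc/shadow           -p wa -k ids-etc
-w /etc/sudoers          -p wa -k ids-etc
-w /etc/ssh/sshd_config  -p wa -k ids-etc
-w /root/.ssh/           -p wa -k ids-keys
-w /bin/                 -p wa -k ids-bin
-w /sbin/                -p wa -k ids-bin
EOF
}

# Digest of /var/log/audit/audit.log (stdin): one line per key/user/program/file.
# A SYSCALL record says who did what; the PATH records of the same event id
# say to which file. Only events carrying one of our -k keys are reported.
audit_digest() {
    awk '
    # field(line, k): value of "k=v" or "k=\"v\""; the leading space keeps
    # "uid" from matching inside "auid" or "fsuid".
    function field(line, k,    s, v) {
        s = " " line
        if (match(s, " " k "=\"[^\"]*\"")) {
            v = substr(s, RSTART, RLENGTH)
            sub(/^ [^=]*="/, "", v); sub(/"$/, "", v)
            return v
        }
        if (match(s, " " k "=[^ ]*")) {
            v = substr(s, RSTART, RLENGTH)
            sub(/^ [^=]*=/, "", v)
            return v
        }
        return ""
    }
    $1 == "type=SYSCALL" {
        key = field($0, "key")
        if (key != "")
            who[field($0, "msg")] = key " auid=" field($0, "auid") " exe=" field($0, "exe")
        next
    }
    # Skip directory entries (mode 04xxxx) so a file creation reports the
    # new file rather than its parent directory.
    $1 == "type=PATH" {
        id = field($0, "msg")
        if (!(id in who)) next
        if (substr(field($0, "mode"), 1, 2) == "04") next
        count[who[id] " " field($0, "name")]++
    }
    END { for (e in count) print count[e], e }
    ' | sort
}

# Constructed sample records in audit.log format: a root edit of /etc/passwd,
# a new binary copied into /sbin/, and an unkeyed event that must be ignored.
SAMPLE_AUDIT_LOG=$(cat <<'EOF'
type=SYSCALL msg=audit(1267744931.123:4711): arch=c000003e syscall=2 success=yes exit=3 a0=7fff a1=241 a2=1b6 a3=0 items=1 ppid=2201 pid=2345 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="vi" exe="/bin/vi" key="ids-etc"
type=CWD msg=audit(1267744931.123:4711):  cwd="/root"
type=PATH msg=audit(1267744931.123:4711): item=0 name="/etc/passwd" inode=1234 dev=08:02 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1267744955.456:4712): arch=c000003e syscall=2 success=yes exit=4 a0=7fff a1=241 a2=1ed a3=0 items=2 ppid=2201 pid=2350 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="cp" exe="/bin/cp" key="ids-bin"
type=PATH msg=audit(1267744955.456:4712): item=0 name="/sbin/" inode=2 dev=08:02 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1267744955.456:4712): item=1 name="/sbin/unexpected-binary" inode=5678 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1267744960.000:4713): arch=c000003e syscall=2 success=yes exit=3 a0=7fff a1=441 a2=1b6 a3=0 items=1 ppid=1 pid=999 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond"
type=PATH msg=audit(1267744960.000:4713): item=0 name="/var/log/cron" inode=99 dev=08:02 mode=0100600 ouid=0 ogid=0 rdev=00:00
EOF
)

# Run the digest on the sample; from cron you would instead do something like
#   audit_digest < /var/log/audit/audit.log | mail -s "audit digest" root
printf '%s\n' "$SAMPLE_AUDIT_LOG" | audit_digest
```

The digest answers the "who changed what" question that a plain AIDE diff cannot: auid is the login user even after su or sudo, and exe is the program that made the write. The records only exist for paths covered by a -w rule, so keep the list short and specific, and remember that anything with root can remove the rules again unless the audit configuration is locked with `auditctl -e 2`.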
Jim Perrin wrote:
I like tripwire and rkhunter.
Mike
On Thu, Mar 4, 2010 at 2:02 PM, Dan Burkland <dburklan@nmdp.org> wrote:
I would use tripwire or Cfengine, run frequently; they can both send alerts if files get changed.
Best, -at
Dan Burkland wrote:
I use aide and ossec to get the warnings.
Greetings,
On Fri, Mar 5, 2010 at 3:32 AM, Dan Burkland <dburklan@nmdp.org> wrote:
inotify perhaps?
Regards
Rajagopal
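As an added example that is not part of Rajagopal's reply or the thread: what "inotify perhaps?" looks like in practice, using inotifywait(1) from inotify-tools to mail an alert the moment a watched file changes, which is the immediate notification the original question asked for. The watched directories, the ignore list, the mail recipient, the log file and the sample event lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not code from the thread): an inotify-based change alerter
# built on inotifywait(1) from inotify-tools. Watched directories, the
# ignore list, the recipient, the log path and sample event lines are assumptions.

WATCH_DIRS="/etc /bin /sbin /usr/bin /usr/sbin"
ALERT_TO="root"
ALERT_LOG="/var/log/file-alerts.log"

# Files that change in normal operation and would only generate noise.
is_ignored() {
    case "$1" in
        /etc/mtab|/etc/resolv.conf|/etc/adjtime|/etc/ld.so.cache|*.swp|*~) return 0 ;;
        *) return 1 ;;
    esac
}

# Turn one inotifywait line in the form "<path> <EVENT[,EVENT...]>" (what
# --format '%w%f %e' emits) into an alert line. Returns 1 and prints nothing
# for ignored paths. Paths containing spaces are not handled by this split.
format_alert() {
    path=${1% *}
    events=${1##* }
    is_ignored "$path" && return 1
    printf 'ALERT %s on %s\n' "$events" "$path"
}

# Main loop. -m keeps inotifywait running, -r recurses, -q drops the banner.
# The event set covers content writes, new or renamed-in files, deletions
# and permission/owner changes. One mail per event is fine for a quiet
# server; collect events for a minute and send one mail if the box is busy.
watch_and_alert() {
    inotifywait -m -r -q -e close_write,create,delete,moved_to,attrib \
        --format '%w%f %e' $WATCH_DIRS |
    while read -r line; do
        alert=$(format_alert "$line") || continue
        printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$alert" |
            tee -a "$ALERT_LOG" |
            mail -s "File change on $(hostname)" "$ALERT_TO"
    done
}

# Start the watcher only when invoked as "watcher.sh run", so the file can
# be sourced to reuse format_alert elsewhere.
case "${1:-}" in run) watch_and_alert ;; esac
```

inotify-tools is not in the base CentOS repositories; it comes from a third-party repository such as EPEL or RPMforge. Two limits worth knowing before relying on this: inotify tells you that a path changed, not what changed, so it complements rather than replaces an AIDE or tripwire baseline; and the watcher is an ordinary process that anyone with root can stop, and events are dropped silently if the kernel queue overflows, so a missing alert is not proof that nothing happened.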
On Fri, Mar 5, 2010 at 12:02 AM, Dan Burkland <dburklan@nmdp.org> wrote:
Hello Dan,
For auditing your entire network for patches / vulnerabilities I recommend you use Nessus. For server protection you can use tripwire and clamav. Clamav can detect and block most rootkits and exploit code; therefore the attacker will not be able to execute it. Theoretically... :-)
Best regards, Bazy
On Thu, 4 Mar 2010, Dan Burkland wrote:
Try OSSEC, seems nice.
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Nux
Sent: Friday, March 05, 2010 1:51 PM
To: centos@centos.org
Subject: Re: [CentOS] Intrusion Detection
Thank you all for your suggestions, I have been evaluating OSSEC so far and like it quite a bit. I just need to figure out how to get it to email me nightly reports of all modifications to the file system every night like I did with AIDE.
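As an added example, not part of Dan's message and not the OSSEC project's own code: one way to get the AIDE-style nightly report from OSSEC is to have cron reduce the alerts log to a list of files that syscheck saw modified, added or deleted and mail it. The log path, recipient, schedule and sample alerts are assumptions; the alert wording follows OSSEC 2.x syscheck rules 550 (checksum changed), 553 (deleted) and 554 (added) as the example's author recalls them, so check it against a real alert from your install.

```shell
#!/bin/sh
# Added example (not code from the thread or from the OSSEC project): a
# nightly digest of OSSEC syscheck (file integrity) alerts, read from the
# alerts log and mailed from cron. The log path, recipient and sample alerts
# are assumptions; the alert wording follows OSSEC 2.x rules 550/553/554 as
# the example author recalls them.

OSSEC_ALERTS=${OSSEC_ALERTS:-/var/ossec/logs/alerts/alerts.log}
REPORT_TO=${REPORT_TO:-root}

# Reduce the alert log (stdin) to rows "host<TAB>change<TAB>path". Every
# alert starts with "** Alert"; its second line ends in "<host>->syscheck"
# for integrity alerts, and the details follow on their own lines.
syscheck_rows() {
    awk -v q="'" '
    # text between the first pair of single quotes on the line
    function quoted(line,    a) {
        a = index(line, q); line = substr(line, a + 1)
        return substr(line, 1, index(line, q) - 1)
    }
    /^\*\* Alert /  { host = "?"; next }
    /->syscheck$/   { host = $NF; sub(/->syscheck$/, "", host); next }
    /^Integrity checksum changed for: /   { print host "\tmodified\t" quoted($0); next }
    /^New file .* added to the system\.$/ { print host "\tadded\t" quoted($0); next }
    /^File .* was deleted\./              { print host "\tdeleted\t" quoted($0); next }
    '
}

# Sorted per-file listing plus totals, ready to be mailed.
nightly_report() {
    syscheck_rows | sort | awk -F'\t' '
        { n[$2]++; printf "  %s  %s  %s\n", $1, $2, $3 }
        END { printf "\n%d modified, %d added, %d deleted\n",
                     n["modified"], n["added"], n["deleted"] }'
}

# Constructed sample: one changed file, one new file, and an unrelated
# authentication alert that must not appear in the report.
SAMPLE_ALERTS=$(cat <<'EOF'
** Alert 1267750800.12345: mail  - ossec,syscheck,
2010 Mar 05 01:00:00 server01->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
Old md5sum was: 'OLD-MD5-PLACEHOLDER'
New md5sum is : 'NEW-MD5-PLACEHOLDER'

** Alert 1267750860.12346: mail  - ossec,syscheck,
2010 Mar 05 01:01:00 server01->syscheck
Rule: 554 (level 7) -> 'File added to the system.'
New file '/usr/sbin/unexpected-binary' added to the system.

** Alert 1267750920.12347: syslog  - pam,syslog,authentication_success,
2010 Mar 05 01:02:00 server01->/var/log/secure
Rule: 5501 (level 3) -> 'Login session opened.'
Mar  5 01:02:00 server01 sshd[2345]: pam_unix(sshd:session): session opened for user dan by (uid=0)
EOF
)

# With "report" as the argument the real log is summarised; otherwise the
# constructed sample is used as a demo. A cron line for the real run
# (assumed schedule, a few minutes after OSSEC has rotated the day's log):
#   5 0 * * * root sh /usr/local/sbin/ossec-nightly.sh report | mail -s "syscheck digest" root
case "${1:-}" in
    report) nightly_report < "$OSSEC_ALERTS" ;;
    *)      printf '%s\n' "$SAMPLE_ALERTS" | nightly_report ;;
esac
```

Two things decide how useful the digest is. The syscheck `<frequency>` in ossec.conf sets how often OSSEC rescans, so a change is only in the log once a scan has run since it happened; and OSSEC also has its own `<reports>` section in ossec.conf that can mail a periodic summary for a category such as syscheck, which is worth trying before maintaining a script. Either way, an agent that has been stopped produces no alerts, so the report should also note when the expected hosts sent nothing at all.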