[CentOS] firewall based antivirus/trojan blocking and intrusion detection [dnk]

Wed Apr 26 13:46:11 UTC 2006
William L. Maltby <BillsCentOS at triad.rr.com>

On Tue, 2006-04-25 at 22:24 -0400, Franklin S Werren wrote:
> I know it is not CentOS Build(Yet!!!)

I think it's not likely ever to be. It's LinuxFromScratch based. It tries to
be the minimal needed product to accomplish its goal. This follows the
philosophy of having nothing unneeded to help reduce exposure. To make
it CentOS (or any other major) distro based would open the door to
"incorrect" application, causing a weakening of its protections.

However, the source *is* available. But it includes only minimal
packages, minimally configured kernel, etc. Fitting onto a CentOS (or
similar) distro might be a lot of work. And then there is maintenance as
security updates occur. And then there are security vulnerabilities
introduced as non-security updates are applied. And then ... you see the
picture? IPCop effectiveness severely reduced while more work is needed.

Better to just do individual packages, iptables, etc. on your CentOS
distro, as OP originally was thinking.

That being said... see below.

> but www.ipcop.org works real well
> It has everything you may need
> <snip>

> Franklin S. Werren webmaster at bagpipes.net
> <snip sig stuff>

I heartily endorse IPCop if one has an old (or spare) machine lying
around. IPCop is small, efficient, easily installed, easily maintained,
simply configured, seems to do an excellent job, has source available if
you want to mod/add to it, ... In short, a great package.

I have cable broadband, Toshiba modem. IPCop on P54 200MHz, 96MB ram,
three *cheap* PCI NICs (8139 and ee100 based) get me appx. 60MB/sec
through cat 5 cable hooked to SMC GigaBit switch (no giga NICs installed
yet, just normal 100MB FD cheapos or on-board).

On a 100MHz AMD 5x86 (? 486 clone) 36MB ram, 3 old 3C509 half-duplex
NICs ... 570MB/sec.

IBM Aptiva, 486DX/66 32MB ram, 2 old 3C509 half-duplex NICs, 470MB/sec.

I'm well pleased with it. Includes logging, multi-zone security levels,
log extractions. Installable via CD-ROM or over a network.

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
> Of Rodrigo Barbosa
> <snip sig stuff>

> On Tue, Apr 25, 2006 at 01:32:46PM -0700, dnk wrote:
> > Can anyone recommend an open-source package (preferably something
> > CentOS 4X compatible) that can be used on a (iptables) firewall to
> > block virus/trojan, etc? And maybe something for intrusion detection?
> Intrusion Detection = Snort
> Proxy AV = HAVP
> []s
> - --
> Rodrigo Barbosa <rodrigob at suespammers.org> "Quid quid Latine dictum sit,
> altum viditur"
> <snip sig stuff>

IMO, if you want a very good gateway/firewall package and have an old
machine lying around and a few NICs, IPCop is a good way to go. Even
adding only one or two small functions might still be a good decision.

If you have a machine which must serve *several* other purposes as well
(even being a backup to carry more load only if another machine is
down), use your CentOS and apply some of the packages mentioned and do
your firewall in a custom way.
