[CentOS] Intrusion Detection Systems

Stephen John Smoogen smooge at gmail.com
Wed Sep 26 22:05:08 UTC 2007


On 9/26/07, John Hinton <webmaster at ew3d.com> wrote:
> Situation: We are providing hosting services.
>
> I've grown tired of the various kiddie scripts/dictionary attacks on
> various services. The latest has been against vsftpd, on systems that I
> can't easily control vs. putting strict limits on ssh. We simply have
> too many users entering from too many networks, many with dynamic IP
> addresses.
>
> Enter.... thinking about LIDS or Log Based Intrusion Detection.
>
> I've run across four systems.
>
> Blockhosts, DenyHosts, fail2ban and OSSEC.
>
> DenyHosts apparently only works with ssh, so I've discounted using that.

DenyHosts will work with anything that uses tcp_wrappers. You can futz
it to work with ssh, vsftpd, etc. However, beyond that I can't be of
much help at the moment. I would say go with multiple layers as much
as possible.



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
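
A sketch of the log-based approach discussed in this thread, for vsftpd behind tcp_wrappers: it counts failed logins per client and formats /etc/hosts.deny rules. This is an added example, not part of the original post and not DenyHosts' own code. The log lines are constructed; the threshold, window and function names are assumptions; vsftpd consults hosts.deny only when tcp_wrappers=YES is set in vsftpd.conf.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd's native log format (documentation IPs, not real traffic).
# Line 4 carries a username crafted to look like a second "Client" field.
SAMPLE_LOG = '''\
Wed Sep 26 21:58:01 2007 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 21:58:03 2007 [pid 4102] [root] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 21:58:04 2007 [pid 4103] [test] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 21:58:05 2007 [pid 4104] [x] FAIL LOGIN: Client "198.51.100.20"] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 21:59:10 2007 [pid 4110] [jsmith] FAIL LOGIN: Client "198.51.100.20"
Wed Sep 26 21:59:25 2007 [pid 4111] [jsmith] OK LOGIN: Client "198.51.100.20"
Wed Sep 26 22:40:00 2007 [pid 4200] [guest] FAIL LOGIN: Client "192.0.2.9"
Wed Sep 26 23:55:00 2007 [pid 4300] [guest] FAIL LOGIN: Client "192.0.2.9"
Thu Sep 27 01:10:00 2007 [pid 4400] [guest] FAIL LOGIN: Client "192.0.2.9"
'''

# The username is client-supplied, so match it greedily and anchor the address
# at end of line: only the last Client "..." field, written by the daemon, counts.
LINE_RE = re.compile(
    r'(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>.*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"'
)

def offenders(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return sorted client IPs with >= threshold failed logins inside `window`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m or m["result"] != "FAIL":
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # never emit non-addresses
        except ValueError:
            continue
        failures[ip].append(datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"))
    flagged = set()
    for ip, times in failures.items():
        times.sort()
        # Sliding window: compare each failure with the one threshold-1 later.
        if any(b - a <= window for a, b in zip(times, times[threshold - 1:])):
            flagged.add(ip)
    return sorted(flagged)

def hosts_deny_lines(ips, daemon="vsftpd"):
    """Format tcp_wrappers rules for /etc/hosts.deny: '<daemon>: <client>'."""
    return [f"{daemon}: {ip}" for ip in ips]
```

On the sample, hosts_deny_lines(offenders(SAMPLE_LOG)) yields a single rule for 203.0.113.7; the crafted username on line 4 does not add a failure for 198.51.100.20.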