[CentOS] Intrusion Detection Systems

Wed Sep 26 22:05:08 UTC 2007
Stephen John Smoogen <smooge at gmail.com>

On 9/26/07, John Hinton <webmaster at ew3d.com> wrote:
> Situation: We are providing hosting services.
> I've grown tired of the various kiddie scripts/dictionary attacks on
> various services. The latest has been against vsftpd, on systems that I
> can't easily control vs. putting strict limits on ssh. We simply have
> too many users entering from too many networks many with dynamic IP
> addresses.
> Enter.... thinking about LIDS or Log Based Intrusion Detection.
> I've run across four systems.
> Blockhosts, DenyHosts, fail2ban and OSSEC.
> DenyHosts apparently only works with ssh, so I've discounted using that.

denyhosts will work with anything that uses tcp_wrappers. You can futz
it to work with ssh, vsftpd, etc. However beyond that I can't be of
much help at the moment. I would say go with multiple layers as much
as possible.

Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
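An added illustration of the point above (not code from the thread, from DenyHosts or from vsftpd): a log-based blocker only needs to parse the daemon's failure lines and emit entries in tcp_wrappers' hosts.deny syntax, so any libwrap-aware service can be covered the same way. The vsftpd.log lines, IP addresses and the existing hosts.deny content below are constructed sample data; `vsftpd` as the daemon name in hosts.deny and the threshold of 3 failures are assumptions for the example. vsftpd only consults hosts.deny when built with libwrap and run with `tcp_wrappers=YES` in vsftpd.conf.

```python
import re
from collections import Counter

# Constructed sample in vsftpd's native log format (not real traffic).
SAMPLE_LOG = """\
Wed Sep 26 21:58:01 2007 [pid 4101] [admin] FAIL LOGIN: Client "198.51.100.7"
Wed Sep 26 21:58:03 2007 [pid 4102] [root] FAIL LOGIN: Client "198.51.100.7"
Wed Sep 26 21:58:04 2007 [pid 4103] [webmaster] OK LOGIN: Client "203.0.113.9"
Wed Sep 26 21:58:05 2007 [pid 4104] [test] FAIL LOGIN: Client "198.51.100.7"
Wed Sep 26 21:58:09 2007 [pid 4105] [guest] FAIL LOGIN: Client "198.51.100.7"
Wed Sep 26 21:58:10 2007 [pid 4106] [bob] FAIL LOGIN: Client "192.0.2.44"
Wed Sep 26 21:58:11 2007 [pid 4107] [bob] OK LOGIN: Client "192.0.2.44"
"""

# Matches the user and client IP of a vsftpd "FAIL LOGIN" line.
FAIL_RE = re.compile(
    r'\[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"'
)


def count_failures(log_text):
    """Return {client_ip: number of FAIL LOGIN lines} for the given log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return dict(counts)


def offenders(log_text, threshold=3, allowlist=frozenset()):
    """IPs with at least `threshold` failures, excluding allowlisted ones.

    The allowlist is the safety valve for a hosting setup: admin and
    monitoring hosts should never be auto-denied by a typo storm.
    """
    return {
        ip
        for ip, n in count_failures(log_text).items()
        if n >= threshold and ip not in allowlist
    }


def hosts_deny_lines(ips, service="vsftpd"):
    """tcp_wrappers entries, one per IP, for the given daemon name (assumed)."""
    return ["%s: %s" % (service, ip) for ip in sorted(ips)]


def merge_hosts_deny(existing_text, ips, service="vsftpd"):
    """Return hosts.deny text with missing entries appended (idempotent).

    Existing 'daemon: client, client' lines are parsed so re-running the
    blocker never duplicates an entry already present.
    """
    present = set()
    for line in existing_text.splitlines():
        body = line.split("#", 1)[0].strip()
        if ":" in body:
            daemon, clients = body.split(":", 1)
            for client in clients.split():
                present.add((daemon.strip(), client.strip(",")))
    out = existing_text
    if out and not out.endswith("\n"):
        out += "\n"
    for entry in hosts_deny_lines(ips, service):
        ip = entry.split(": ", 1)[1]
        if (service, ip) not in present:
            out += entry + "\n"
    return out


if __name__ == "__main__":
    bad = offenders(SAMPLE_LOG, threshold=3, allowlist={"203.0.113.9"})
    for entry in hosts_deny_lines(bad):
        print(entry)
```

The same pattern, with a different regex, covers sshd or any other daemon that calls libwrap; a production version would write /etc/hosts.deny atomically (write a temp file, rename it), hold a lock while doing so, and expire entries after a while so a dynamic address is not blocked forever once it is reassigned. Whether a given vsftpd binary honours hosts.deny at all can be checked with `ldd $(which vsftpd) | grep libwrap`.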