Hello all,

I have been exploring the various intrusion detection systems available for the Linux platform and was wondering which ones you all would recommend? I have used AIDE before and while it is extremely easy to set up, it does not support the ability to send alerts as files are changed (which allows one to be aware of an intrusion almost immediately).

Thank you,

Dan Burkland
On Thu, 2010-03-04 at 16:02 -0600, Dan Burkland wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>

I don't remember my exact thought process, but I've been using "afick" from RPMforge for a few years now. It does have a GUI available, though I don't use it myself.

> Thank you,
>
> Dan Burkland
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

--
Ron Loftin  reloftin at twcny.rr.com
"God, root, what is difference ?"  Piter from UserFriendly
On Thu, Mar 4, 2010 at 5:02 PM, Dan Burkland <dburklan at nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).

You can use auditd to watch specific files if you're after some key things. Beyond that I just use aide.

--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
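As an added example, not code from anyone on this thread: a POSIX sh script that does what the reply above suggests, namely puts auditd watches on a few key files and condenses the records auditd writes into one-line alerts that can be mailed or fed to a log watcher. It relies on the real `auditctl -w/-p/-k` rule syntax and `ausearch -k KEY --raw` from the audit package and on auditd's record layout (a SYSCALL record carrying uid, exe and the key, followed by PATH records that share the same `msg=audit(TIME:SERIAL)` id). The key name `ids_watch`, the watched paths and the sample records in the script are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread: watch a few sensitive files with
# auditd and condense the resulting audit records into one-line alerts.
# Assumes auditctl/ausearch from the audit package. The key name "ids_watch",
# the paths and the sample records further down are constructed for the demo.

AUDIT_KEY="ids_watch"

# Print one auditctl watch rule per path:
#   -w PATH   watch the file or directory
#   -p wa     report writes and attribute (owner/mode/xattr) changes
#   -k KEY    tag records so they can be found with: ausearch -k ids_watch
audit_rules_for() {
    for p in "$@"; do
        printf '%s %s -p wa -k %s\n' "-w" "$p" "$AUDIT_KEY"
    done
}

# Load the rules into the running kernel (root required). For rules that
# survive a reboot, append the same lines to /etc/audit/audit.rules.
install_audit_rules() {
    audit_rules_for "$@" | while read -r rule; do
        # word splitting of $rule into separate auditctl arguments is intended
        auditctl $rule
    done
}

# Reduce raw audit records (as printed by "ausearch -k ids_watch --raw") to
# "ALERT uid=... exe=... path=... key=...". One write produces several
# records that share the same msg=audit(TIME:SERIAL) id: the SYSCALL record
# carries uid/exe/key, the PATH record(s) carry the file name.
summarize_audit() {
    awk -v key="$AUDIT_KEY" '
        # remember the id of the record this line belongs to
        match($0, /msg=audit\([^)]*\)/) { id = substr($0, RSTART + 10, RLENGTH - 11) }
        $1 == "type=SYSCALL" && index($0, "key=\"" key "\"") {
            uid = ""; exe = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^uid=/) uid = substr($i, 5)
                if ($i ~ /^exe=/) { exe = substr($i, 5); gsub(/"/, "", exe) }
            }
            hit[id] = "uid=" uid " exe=" exe
        }
        $1 == "type=PATH" && (id in hit) {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^name=/) { name = substr($i, 6); gsub(/"/, "", name) }
            print "ALERT " hit[id] " path=" name " key=" key
        }
    '
}

# Constructed sample: one write to /etc/passwd by vim as root that hit the
# watch rule, and one unrelated open of /etc/hosts that carried no key.
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1267747200.123:456): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=1200 pid=1234 auid=500 uid=0 gid=0 euid=0 comm="vim" exe="/usr/bin/vim" key="ids_watch"
type=CWD msg=audit(1267747200.123:456): cwd="/root"
type=PATH msg=audit(1267747200.123:456): item=0 name="/etc/passwd" inode=12345 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1267747201.000:457): arch=c000003e syscall=2 success=yes exit=4 items=1 ppid=1200 pid=1240 auid=500 uid=500 gid=500 euid=500 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1267747201.000:457): item=0 name="/etc/hosts" inode=12346 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00'

# Run the summarizer over the constructed sample; only the keyed write is reported.
demo_summary() {
    printf '%s\n' "$SAMPLE_AUDIT_LOG" | summarize_audit
}

case "${1:-}" in
    install) shift; install_audit_rules "$@" ;;
    report)  ausearch -k "$AUDIT_KEY" --raw | summarize_audit ;;
    demo)    demo_summary ;;
esac
```

Run `sh ids-watch.sh install /etc/passwd /etc/shadow /etc/sudoers` once as root, then `sh ids-watch.sh report` from cron or a log-shipping hook to get the alert lines. Note that auditd tells you who wrote the file and with which program, which AIDE's checksum comparison cannot; it does not, however, tell you what changed, so it complements rather than replaces a checksum run.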
On Thu, Mar 4, 2010 at 2:02 PM, Dan Burkland <dburklan at nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland

I would use tripwire or Cfengine run frequently; they can both send alerts if files get changed.

Best,
-at
Dan Burkland wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>

I use aide and ossec to get the warnings.

> Thank you,
>
> Dan Burkland
Greetings,

On Fri, Mar 5, 2010 at 3:32 AM, Dan Burkland <dburklan at nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).

inotify perhaps?

Regards
Rajagopal
On Fri, Mar 5, 2010 at 12:02 AM, Dan Burkland <dburklan at nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland

Hello Dan,

For auditing your entire network for patches / vulnerabilities I recommend you use Nessus. For server protection you can use tripwire and clamav. Clamav can detect and block most rootkits and exploit code, therefore the attacker will not be able to execute it. Theoretically... :-)

Best regards,
Bazy
On Thu, 4 Mar 2010, Dan Burkland wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland

Try OSSEC, seems nice.
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Nux
> Sent: Friday, March 05, 2010 1:51 PM
> To: centos at centos.org
> Subject: Re: [CentOS] Intrusion Detection
>
> On Thu, 4 Mar 2010, Dan Burkland wrote:
>
> > Hello all,
> >
> > I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
> >
> > Thank you,
> >
> > Dan Burkland
>
> Try OSSEC, seems nice.

Thank you all for your suggestions; I have been evaluating OSSEC so far and like it quite a bit. I just need to figure out how to get it to email me nightly reports of all modifications to the file system every night like I did with AIDE.
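As an added example, not OSSEC's own tooling and not posted by anyone on the thread: a POSIX sh script that produces the nightly AIDE-style digest the last message asks for by reading OSSEC's `alerts.log` and mailing every syscheck (file integrity) change from the previous 24 hours. It assumes the alert layout written by OSSEC's syscheck rules 550 (checksum changed), 553 (file deleted) and 554 (file added), with the path in single quotes on the line that names it; the three path-matching patterns are the part to check against your own `alerts.log`. The sample alerts, host names and paths in the script are constructed.

```shell
#!/bin/sh
# Added example, not OSSEC's own tooling: build a nightly e-mail of all
# syscheck (file integrity) changes from OSSEC's alerts.log, the way a daily
# AIDE report would. Assumes the alert layout used by OSSEC's syscheck rules
# 550 (changed), 553 (deleted) and 554 (added); check the path-bearing lines
# against your own alerts.log. The sample alerts below are constructed.

ALERTS_LOG="/var/ossec/logs/alerts/alerts.log"

# Read alerts.log on stdin and print "HOST RULE ACTION PATH" for every
# syscheck alert whose epoch timestamp is >= $1 (default 0 = everything).
syscheck_report() {
    awk -v since="${1:-0}" -v q="'" '
        # "** Alert EPOCH.SERIAL: ..." starts a new alert; decide whether to keep it
        /^\*\* Alert / { split($3, t, ":"); keep = (t[1] + 0 >= since); host = "?"; rule = "?"; next }
        !keep { next }
        # "2010 Mar 04 23:00:00 HOST->syscheck": everything after the timestamp is the host
        /->syscheck$/ { host = $0; sub(/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ /, "", host); sub(/->syscheck$/, "", host) }
        /^Rule: / { rule = $2 }
        # the path is the text between the single quotes (q) on these lines
        /^Integrity checksum changed for: / { split($0, a, q); print host, rule, "modified", a[2] }
        /^New file .* added to the file system/ { split($0, a, q); print host, rule, "added", a[2] }
        /^File .* was deleted/ { split($0, a, q); print host, rule, "deleted", a[2] }
    '
}

# Mail the last 24 hours of changes to $1, but only if there were any.
# Cron entry for a nightly run: 0 23 * * * /usr/local/sbin/syscheck-report.sh mail root
nightly_mail() {
    since=$(( $(date +%s) - 86400 ))
    report=$(syscheck_report "$since" < "$ALERTS_LOG")
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | mail -s "syscheck changes on $(hostname)" "$1"
    fi
}

# Constructed sample: one old alert (Mar 3) and two from the reporting window.
sample_alerts() {
cat <<'EOF'
** Alert 1267660800.100: mail  - ossec,syscheck,
2010 Mar 03 23:00:00 centos5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/hosts'

** Alert 1267747200.200: mail  - ossec,syscheck,
2010 Mar 04 23:00:00 centos5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
Size changed from '1200' to '1234'

** Alert 1267747260.300: mail  - ossec,syscheck,
2010 Mar 04 23:01:00 (web01) 10.0.0.5->syscheck
Rule: 554 (level 5) -> 'File added to the system.'
New file '/etc/cron.d/backup' added to the file system.
EOF
}

# Report only alerts from the constructed "last night" (epoch 1267700000 on);
# the Mar 3 alert falls outside the window and is dropped.
demo_report() {
    sample_alerts | syscheck_report 1267700000
}

case "${1:-}" in
    mail) nightly_mail "${2:-root}" ;;
    demo) demo_report ;;
esac
```

Because the report is built from OSSEC's own alerts, it only lists what syscheck actually flagged; if a directory is missing from the `<directories>` list in `ossec.conf`, it will be missing from the nightly mail as well, so the digest is a convenience on top of the real-time alerts, not a second integrity check.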