6 Oct
2005
6 Oct
'05
17:05
Dragan Andric wrote:
Dear all,
Please advice for some feature rich and automatic IDS sw for SUSE Linux. I'm seeking for a IDS that I can setup a event/action combination.
P.E. If somebody try an unauthorized login on a system after three atempt I would like to ban this adress for some time (24h) I have an idea how to resolve that using a log parsing and iproute command but I'm affraid that the performance of my server will drop dramaticly.
Enterasys Dragon is probably one of the best (http://www.enterasys.com/ids/). In case your 6-figure budget got cut a a bit, you can also try "prelude" (http://www.prelude-ids.org). cheers, Rainer