Mailinglist Archive: opensuse (2009 mails)

Re: [SLE] Free software for detecting an intrusion?
  • From: corvinr@xxxxxxxxxxxx (Corvin Russell)
  • Date: Fri, 15 Sep 2000 12:47:58 -0400
  • Message-id: <4.3.2.7.0.20000915124738.00adf2d0@xxxxxxxxxxxxxxxxx>



Well there's nothing so simple that you'll just get a "beep" that
infallibly tells you when you are being intruded on. Sometimes legitimate
activity might resemble illicit, and vice versa. What it's going to take is
a lot of work and self-education. For some people an easier plan might be
moderate attempts at prevention, scrupulous backups, and reinstall when
necessary. That's not a security policy, that's a reality policy.

But if you are concerned about security, a good place to start is
www.securityportal.com. Follow the links to the Linux Administrator's
Security Guide.

There are many kinds of intrusion detection tool available, most for
free. For example, tripwire comes with the SuSE distribution. (There is
also a binary-only commercial version that is more recent, available from
tripwire.com for free for home use.) This creates a database of signatures
for your important system files. You can run weekly checks to see if
anything has been changed. This is only effective if you have stored your
database on secure media (read-only) and have updated it each time you
alter your system (and are sure of exactly what alterations you have made).

Snort attempts to detect scans etc. in real time, AFAIK (haven't gotten
around to playing with it). However perhaps you should read up before
using it. As I recall it rides on libpcap and throws your network card
into promiscuous mode. Someone please correct me if I am wrong. If I am
not wrong, however, this could be a security problem in itself if you are
sending/receiving sensitive information in plain text, which you should not
be.

Also available with your SuSE distribution is the firewall
package. Running this and scanlogd, appropriately configured, will give
you lots of information on denied connection attempts. But you have to
read the logs.

There's also a free IDS from http://freeveracity.org/. I don't know much
about it, though.

There is a way to log failed logins, but I can't remember how to set it and
I'm in Windows now so I can't check :-(

Corvin

At 01:51 PM 9/15/00 -0300, you wrote:
>Hello
> Can anyone suggest good, free software for detecting an
>intrusion on my server? I was thinking of something that can be configured to
>send a sound when an intrusion attempt is made and give a report of all
>logins and login attempts on my server.
>
> Thanks a lot.
>
>Regards
>
>Eduardo
>
>--
>To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
>For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
>Also check the FAQ at http://www.suse.com/support/faq
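
The baseline-and-recheck cycle described above for tripwire, as an added example that is not part of the original message and is not Tripwire's own code. The function names and the constructed sample files are assumptions made for illustration; the baseline dictionary stands in for the database that has to live on read-only media.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return (sha256 hex, permission bits incl. setuid/setgid, size)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.lstat(path)
    return digest.hexdigest(), st.st_mode & 0o7777, st.st_size


def snapshot(root):
    """Fingerprint every regular file under root, keyed by relative path."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                records[os.path.relpath(full, root)] = fingerprint(full)
    return records


def compare(baseline, current):
    """List files added, removed or changed since the baseline was taken."""
    common = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": sorted(p for p in common if baseline[p] != current[p])}


def demo():
    """Constructed sample tree: alter it after the baseline, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "login").write_bytes(b"v1")
        Path(root, "passwd").write_bytes(b"root:x:0:0")
        baseline = snapshot(root)  # this is what belongs on read-only media
        Path(root, "login").write_bytes(b"v2")  # same size, new content
        Path(root, "extra").write_bytes(b"new")
        Path(root, "passwd").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the stored baseline: if it sits on the same writable disk as the files it describes, whoever alters a file can alter its record too.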
