Mailinglist Archive: opensuse (2009 mails)
Re: [SLE] Free software for detecting an intrusion?
- From: bruce@xxxxxxxxxx (Bruce)
- Date: Sat, 23 Sep 2000 23:47:49 +1100
- Message-id: <firstname.lastname@example.org>
This approach is very dangerous. Yes, tripwire etc., but prevention
first. DON'T RELY ON THESE TOOLS.

Most sites I have seen have not nailed down their firewalls (IPCHAINS etc.).
Lock everything out by default first. THEN allow each service in one by one.
If you don't want logins directly, lock off telnet, SSH etc.
and allow specific users in only when they register their IP address
with you. We do this using a browser and a perl script.
Known users have known machines, otherwise no way.

On the other side of the coin, we have several hundreds of intrusion
attempts on our machines each day, mostly smb/samba and sunrpc
- everyone is logged - and specific hack users are simply DENYied
from accessing anything at all!!
So playing an MP3 sound for each intrusion is going to be very noisy!!!

>> > Can anyone suggest me a good and free software for detecting an
>> >intrusion on my server? I was thinking of something that can be
>> >configured to
>> >send a sound when the attempt of intrusion is made and give a report of
>> >login and attempts of logins on my server.
>> I just saw this package on freshmeat. It's a perl package
>> that reads logs and plays an mp3 when an event is discovered.
>> Good timing eh?
>As I'm sure you're aware, failed root login attempts are logged in
>/var/log/messages, but I'm not sure about normal user logins.
>Portscans can be detected with scanlogd, while general intrusion
>detection can be performed by tripwire (monitors files and checks to see
>if their contents have changed).
>Hope that helps,
> __ _
> -o)/ / (_)__ __ ____ __ Chris Reeves
> /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005
> _\_v __/_/_//_/\_,_/ /_/\_\
>To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
>For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
>Also check the FAQ at http://www.suse.com/support/faq
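
The default-deny policy with per-user registered addresses described in the reply above, as an added example (not part of the original mail, and not the poster's perl script). The user names, addresses, ports and rule layout are assumptions; the point it shows is that an address submitted through a web form is parsed strictly before it goes anywhere near a firewall command.

```python
import ipaddress

# Constructed sample registry: user -> address text submitted via the web form.
# Addresses come from the documentation ranges; two entries are unsafe input.
REGISTRATIONS = {
    "alice": "192.0.2.10",
    "bob": " 198.51.100.7 ",
    "mallory": "203.0.113.5; ipchains -F",   # shell text smuggled into the field
    "carol": "0.0.0.0/0",                    # a network, not one known machine
}
PUBLIC_SERVICES = [("tcp", 25), ("tcp", 80)]  # assumed services, opened one by one
LOGIN_PORT = 22                               # logins only from registered hosts


def parse_registered_host(text):
    """Return an IPv4Address for exactly one host, or None if the input is unsafe."""
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ValueError:
        return None  # anything that is not a bare dotted quad is refused
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
        return None
    return addr


def build_rules(registrations):
    """Return (rules, rejected_users); each rule is an argv list, never a shell string."""
    rules = [
        ["ipchains", "-F", "input"],
        ["ipchains", "-P", "input", "DENY"],          # lock everything out first
        ["ipchains", "-A", "input", "-i", "lo", "-j", "ACCEPT"],
    ]
    for proto, port in PUBLIC_SERVICES:               # then allow services in
        rules.append(["ipchains", "-A", "input", "-p", proto,
                      "-d", "0/0", str(port), "-j", "ACCEPT"])
    rejected = []
    for user, text in sorted(registrations.items()):
        addr = parse_registered_host(text)
        if addr is None:
            rejected.append(user)
            continue
        rules.append(["ipchains", "-A", "input", "-p", "tcp", "-s", str(addr),
                      "-d", "0/0", str(LOGIN_PORT), "-j", "ACCEPT"])
    # Everything else is denied and logged (-l). Replies to outbound
    # connections need their own rules, which are omitted here.
    rules.append(["ipchains", "-A", "input", "-l", "-j", "DENY"])
    return rules, rejected


if __name__ == "__main__":
    rules, rejected = build_rules(REGISTRATIONS)
    print("\n".join(" ".join(r) for r in rules))
    print("refused registrations:", ", ".join(rejected))
```

Because each rule is an argv list, it can be handed to the firewall tool without passing through a shell.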