Re: [SLE] Free software for detecting an intrusion?
Well, there's nothing so simple that you'll just get a "beep" that infallibly tells you when you are being intruded on. Sometimes legitimate activity might resemble illicit, and vice versa. What it's going to take is a lot of work and self-education. For some people an easier plan might be moderate attempts at prevention, scrupulous backups, and reinstall when necessary. That's not a security policy, that's a reality policy.

But if you are concerned about security, a good place to start is www.securityportal.com. Follow the links to the Linux Administrator's Security Guide.

There are many kinds of intrusion detection tool available, most for free. For example, tripwire comes with the SuSE distribution. (There is also a binary-only commercial version that is more recent, available from tripwire.com for free for home use.) This creates a database of signatures for your important system files. You can run weekly checks to see if anything has been changed. This is only effective if you have stored your database on secure media (read-only) and have updated it each time you alter your system (and are sure of exactly what alterations you have made).

Snort attempts to detect scans etc. in real time, AFAIK (haven't gotten around to playing with it). However perhaps you should read up before using it. As I recall it rides on libpcap and throws your network card into promiscuous mode. Someone please correct me if I am wrong. If I am not wrong, however, this could be a security problem in itself if you are sending/receiving sensitive information in plain text, which you should not be.

Also available with your SuSE distribution is the firewall package. Running this and scanlogd, appropriately configured, will give you lots of information on denied connection attempts. But you have to read the logs.

There's also a free IDS from http://freeveracity.org/ I don't know much about it, though.
There is a way to log failed logins, but I can't remember how to set it and I'm in Windows now so I can't check :-(

Corvin

At 01:51 PM 9/15/00 -0300, you wrote:
Hello

Can anyone suggest me a good and free software for detecting an intrusion on my server? I was thinking of something that can be configured to send a sound when the attempt of intrusion is made and give a report of all login and attempts of logins on my server.
Thanks a lot.
Regards
Eduardo
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq
participants (1)
-
corvinr@sympatico.ca
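
The tripwire-style check described in the reply above, as an added example (not part of the original message and not Tripwire's own code): it records a SHA-256 hash, permission bits and size for each file, then reports what was added, removed or changed since the baseline. The function names and the sample tree are constructed for illustration; as the reply notes, the result is only trustworthy if the baseline is kept on read-only media.

```python
import hashlib, os, stat, tempfile

def fingerprint(path):
    """Return (sha256 hex, permission bits, size) for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return (h.hexdigest(), stat.S_IMODE(st.st_mode), st.st_size)

def snapshot(root):
    """Fingerprint every regular file under root, keyed by relative path."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                db[os.path.relpath(full, root)] = fingerprint(full)
    return db

def compare(baseline, current):
    """Report paths added, removed or changed relative to the baseline."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Run a baseline and a later check over a constructed sample tree."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in (("bin/login", b"original"),
                          ("passwd", b"root:x:0:0\n"), ("motd", b"hi\n")):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            os.chmod(os.path.join(root, rel), 0o644)
        baseline = snapshot(root)  # in practice: written to read-only media
        # Constructed alterations between the baseline and the weekly check:
        with open(os.path.join(root, "bin/login"), "wb") as f:
            f.write(b"replaced")   # same size, different content
        os.chmod(os.path.join(root, "passwd"), 0o666)  # permissions only
        os.remove(os.path.join(root, "motd"))
        with open(os.path.join(root, "bin/extra"), "wb") as f:
            f.write(b"new")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The replaced `bin/login` keeps its original size, so only the content hash exposes it, while the `passwd` change is caught by the permission bits alone.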