Mailinglist Archive: opensuse-security (232 mails)

< Previous Next >
Re: [suse-security] IDS software
  • From: Rainer Duffner <rainer@xxxxxxxxxxxxxxx>
  • Date: Thu, 06 Oct 2005 19:05:38 +0200
  • Message-id: <43455962.7000003@xxxxxxxxxxxxxxx>
Dragan Andric wrote:

Dear all,

Please advice for some feature rich and automatic IDS sw for
SUSE Linux.
I'm seeking for a IDS that I can setup a event/action combination.

P.E. If somebody try an unauthorized login on a system after three
atempt I would like to ban this adress for some time (24h)
I have an idea how to resolve that using a log parsing and iproute command but I'm affraid that the performance of my server will drop
dramaticly.



Enterasys Dragon is probably one of the best (http://www.enterasys.com/ids/).

In case your 6-figure budget got cut a a bit, you can also try "prelude" (http://www.prelude-ids.org).




cheers,
Rainer

< Previous Next >
References