Intrusion Detection System
Bret McMillan
bretm at redhat.com
Thu Sep 11 14:13:52 UTC 2008
Luke Macken wrote:
> Hey all,
>
> A couple of weeks ago I did an initial deployment of an Intrusion
> Detection System in our infrastructure. It utilizes the prelude stack,
> and is currently powered by auditd and prelude-lml events. Audit gives
> us a ridiculous amount of power with regarding to monitoring
> everything that happens on a system. Prelude-lml, out of the box
> using it's pcre plugin, is able to watch a large variety of service
> logs, including many things we are running (asterisk, mod_security,
> nagios, cacti, PAM, postfix, sendmail, selinux, shadowutils, sshd,
> sudo). Prewikka is the web-based frontend
> (https://admin.fedoraproject.org/prewikka).
Permission denied post-login :)
But looking forward to seeing this in action :)
--Bret
More information about the Fedora-infrastructure-list
mailing list