Intrusion detection tools

Bob Smith bob at netprt.com
Sat Sep 18 14:00:41 UTC 2004


This topic is actually a pretty large one.  The Software Engineering
Research Laboratory at the University of Colorado created a platform
based on their Siena project to make an event notification scheme available,
but it was the agents that detected it that were very specific to each
system.  And since every OS is different, it's not likely that there's a
one stop answer.

Tripwire is certainly one point to look at, but the messages, particularly
on a large file system, will be numerous, and you'll need to create
a filter to find specific events.

Also, you can write a couple of shell scripts, which I was planning on
doing myself, to look at the /var/log/messages, /var/log/maillog and
the related FTP and HTTP log files to check on activities that are
questionable. For example, you can do quick greps for "authentication
failure" messages.

I'm sure there are probably packages out there that are more robust, and
you might try checking some of the internet security sites for ideas
and toolkits.

-Bob


> hi, I need to setup an intrusion detection system, where I can see
> user activities like failed attempts, file modified by the user etc. I
> was thinking of TRIPWIRE but it only checks file integrity not the
> user attempts.
>
> Any comments
>
> Asif
>
>
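The kind of quick log-grepping script Bob describes above, written out as an added example (it is not code from this thread or from any of the posters). It assumes the pam_unix syslog line format shown in the constructed sample below; to run it against a real box, feed /var/log/messages (or the sshd/login log for your distribution) into the functions instead of SAMPLE_LOG. The function names and the "threshold" filter are my own additions.

```shell
#!/bin/sh
# Added example: summarise "authentication failure" lines from a syslog-style
# log. The sample lines below are constructed for this example and mimic the
# pam_unix format (assumption); substitute /var/log/messages in real use.

SAMPLE_LOG=$(cat <<'EOF'
Sep 18 13:55:01 host sshd(pam_unix)[2201]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Sep 18 13:55:04 host sshd(pam_unix)[2203]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Sep 18 13:56:12 host sshd(pam_unix)[2210]: session opened for user alice by (uid=0)
Sep 18 13:57:30 host sshd(pam_unix)[2215]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=admin
Sep 18 13:58:00 host login(pam_unix)[2220]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost=  user=bob
EOF
)

# count_auth_failures: total number of authentication failure lines on stdin.
count_auth_failures() {
    grep -c 'authentication failure'
}

# failures_by_host: "count rhost" pairs from stdin, most frequent first.
# Lines with an empty rhost= (console logins) are reported as "(local)".
failures_by_host() {
    grep 'authentication failure' \
      | sed -n 's/.*rhost=\([^ ]*\).*/\1/p' \
      | sed 's/^$/(local)/' \
      | sort | uniq -c | sort -rn
}

# hosts_over_threshold N: the "filter" step; prints only hosts that produced
# at least N failures, so a handful of typos does not page anyone.
hosts_over_threshold() {
    failures_by_host | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo over the constructed sample. For a real run replace the printf with
# e.g.  cat /var/log/messages | failures_by_host
printf '%s\n' "$SAMPLE_LOG" | failures_by_host
printf '%s\n' "$SAMPLE_LOG" | hosts_over_threshold 2
```

Run as a cron job over the day's log and mail the output; the threshold is what keeps the output manageable on a busy host, which is the same filtering problem Bob notes with Tripwire's volume of messages.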