Re: Recommend good IDS? was Re: /dev/shm/r?

[Steven Brunasso <sbrunasso@gmail.com>]

Remember, that a HIDS (host IDS) is just a detective control on the  
host.  It shows that you have been hacked, you will probably want a  
good NIDS (network IDS) to see what attacks are being attempted over  
the wire.

HIDS is good to quickly detect a compromise...


http://sourceforge.net/projects/aide
http://packages.debian.org/search?keywords=aide



On Jun 3, 2009, at 9:55 AM, Boyd Stephen Smith Jr. wrote:

> In <[🔎] 2be970b50906030853t29dfb90atd60089611f98e336@mail.gmail.com>, john
> wrote:
> > On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha <josh@lauricha.com>  
> > wrote:
> > > I'm surprised more people aren't running tripwire or other IDS.
> >
> > I'd be interested to hear some recommendations for IDS to run on
> > internet facing servers.
>
> I inherited a tripwire installation at some point.  It was one mail  
> message
> per day (and if you didn't get that message you knew something was  
> wrong).
>
> It required a bit of tuning to not report errors regularly, but once  
> I spent
> that time it was fairly hands-off.
> --
> Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
> bss@iguanasuicide.net            	((_/)o o(\_))
> ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
> http://iguanasuicide.net/        	     \_/