Investigating HIDS Options
Posted by Stuart Herbert @ 12:32 AM, Sat 14 Oct 06
Filed under: LAMP Server
3 Comments
One of the things that we need in the LAMP Server seed is a host-based intrusion detection system. It’s not the sort of tool that I’ve played with before; it’s nice to get to learn something new for a change.
One of the packages I’m evaluating is ossec-hids. I’ve put together a basic package for this in my overlay (layman -a stuart-server). If I decide to take on the responsibility of maintaining this package longer term, I’ll move it across to the main Portage tree.
Samhain is also on the list, as is rkhunter. Any other packages I should be looking at?

October 14th, 2006 at 4:02 am
You may want to check out http://www.gentoo.org/proj/en/hardened/prelude-ids.xml
October 14th, 2006 at 6:50 am
How about AIDE?
http://www.cs.tut.fi/~rammer/aide.html
October 17th, 2006 at 1:07 pm
I’m still using gShield as a firewall, which is blocking lots of stuff (a lot is even not logged, to avoid filling my logs with crap). But even though IDS feels like a bit of overkill for a private system, it’d still be interesting if it reported valid stuff that one could take some real action on.
On another note, aren’t most hacks/exploits still targeting Windows systems?