I was looking for a replacement for the trisentry (portsentry, hostsentry, logcheck) that is being maintained and doesn't have licensing issues when I found snort.org. From what I've been able to learn so far it seems to be a very robust, well developed and supported IDS program. My questions are: 1. Why isn't snort included with Fedora? What is Fedora's IDS software (if any)? 2. Has anyone tried to use snort with Fedora and how well does it work? 3. Does anyone know of any other good IDS programs that will also automatically link with iptables to dynamically block attacks?
