Hi Tim,

On Tue, 2004-05-11 at 23:05, Tim Alberts wrote:
> I was looking for a replacement for the trisentry (portsentry, hostsentry,
> logcheck) that is being maintained and doesn't have licensing issues when I
> found snort.org. From what I've been able to learn so far it seems to be a
> very robust, well developed and supported IDS program. My questions are:
>
> 1. Why isn't snort included with Fedora? What is Fedora's IDS software (if
> any)?

Not too sure about that, but Snort works wonderfully with FC :)

> 2. Has anyone tried to use snort with Fedora and how well does it work?

As I mentioned above, it works great. There are several howtos out there
detailing setup for snort + RH (not much difference from FC) + ACID, and
it's not difficult to set up at all.

> 3. Does anyone know of any other good IDS programs that will also
> automatically link with iptables to dynamically block attacks?

AFAIK, only snort works well with iptables with the inline patch. Google
for snort-inline and iptables, and you should find some good documentation.

Cheers,
Callan