On Mon, 2005-02-21 at 19:58, Michael Leung wrote:
> Hi all,
> I am trying to improve the security of my server. Does anyone know
> if Fedora Core 3 comes with any IDS? Or can you recommend to me any IDS
> which is easy to install and configure?

There are a couple of different types of IDS tools available.

You can get tripwire and chkrootkit or rkhunter. These tools look for indications that your system has been compromised. Tripwire is very good although a little configuration intensive when you first set it up. Tripwire monitors specified files for any kind of changes. You can configure a report in cron to run periodically that shows any changes that have occurred on your system. chkrootkit and rkhunter look for actual signs of common root kits, files, permissions, that sort of thing.

Another is snort. This tool looks at network traffic and can be configured to look for suspicious packets and such. Rules can be written to auto block sites that suspicious activity originates from.

Another is portsentry.

It all depends on what you want to set up. Tripwire and its like will detect stuff after it happens no matter if the user is at the console or came in from the network. Portsentry and snort look at it from the network side and can be a little proactive as they can be configured to block connections as soon as something odd is detected. But be careful. Such tools can be used to DOS your own box if someone figures out what you are running and the rules used to trigger it.

--
Scot L. Harris
webid@xxxxxxxxxx

I've run DOOM more in the last few days than I have the last few months. I just love debugging ;-) (Linus Torvalds)
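
The caution at the end of the reply, about automatic blocking being turned against the box it protects, can be limited with a never-block list, an alert threshold and expiring blocks. The sketch below is an added example, not part of the original message and not snort or portsentry code; the policy names, values and sample alerts are constructed, and the addresses come from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Hypothetical policy values (assumptions, not snort/portsentry settings).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "192.0.2.1/32", "198.51.100.0/24")]
THRESHOLD = 3    # alerts from one source inside WINDOW before it is blocked
WINDOW = 60      # seconds
BLOCK_TTL = 600  # blocks expire, so a mistaken block heals on its own

# Constructed sample alerts: (unix_time, source_ip, rule_name)
ALERTS = [
    (1000, "203.0.113.7", "portscan"),
    (1005, "203.0.113.7", "portscan"),
    (1010, "192.0.2.1", "portscan"),   # gateway address on the never-block list
    (1011, "192.0.2.1", "portscan"),
    (1012, "192.0.2.1", "portscan"),
    (1020, "203.0.113.7", "portscan"),
    (1030, "not-an-ip", "portscan"),   # malformed source field
    (1700, "203.0.113.9", "portscan"),
]

def is_protected(ip):
    """True if the address is one the server must never cut itself off from."""
    return any(ip in net for net in NEVER_BLOCK)

def decide(alerts):
    """Return (blocks, skipped): blocks maps ip -> expiry time."""
    recent = defaultdict(list)
    blocks, skipped = {}, []
    for ts, src, _rule in sorted(alerts):
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            skipped.append((src, "unparseable"))
            continue
        if is_protected(ip):
            skipped.append((src, "never-block list"))  # log it, do not act
            continue
        # Keep only alerts still inside the sliding window, then add this one.
        recent[src] = [t for t in recent[src] if ts - t < WINDOW] + [ts]
        if len(recent[src]) >= THRESHOLD and blocks.get(src, 0) <= ts:
            blocks[src] = ts + BLOCK_TTL
    return blocks, skipped

def active_blocks(blocks, now):
    """Addresses whose block has not yet expired at time `now`."""
    return sorted(ip for ip, expiry in blocks.items() if expiry > now)

if __name__ == "__main__":
    blocks, skipped = decide(ALERTS)
    print("blocks:", blocks)
    print("skipped:", skipped)
```

Skipped entries are worth reviewing by hand: repeated alerts naming a never-block address are a sign that someone is probing the blocking rules.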