Intrusion Detection System

[Burner]

Hello all GNU/Linux users.

I'm a student and I'm doing an research about Open Source Host Intrusion Detection Systems and usability.

The work is almost done but I also want to do an quick(9 questions) survey online so I can compare it with my result.

The paper is limited to open source intrusion detection systems.

Please take a minute and make an contribution to this paper if your are using or have been using any system below.

*FCheck
*serverM
*AIDE
*Swatch

http://www.thegate.nu/idssurvey/

Thanks.

---------------------------------------
Debian user since -97

[hcgtv]

What happened to Snort?

http://www.snort.org/

[Burner]

What happened to Snort?

http://www.snort.org/

Snort is an NIDS and not HIDS.

Both NIDS and HIDS has pros and cons.

[hcgtv]

Snort is an NIDS and not HIDS.

Oh, ok I see.

So you're going after file changes, etc. Not so much how they enter.

[Burner]

Snort is an NIDS and not HIDS.

Oh, ok I see.

So you're going after file changes, etc. Not so much how they enter.

Right, HIDS can detect intrusions from the inside like:

*Backdoors
*New illegal users added
*Rootkit detection
*New services started
*Logfile analysing, like SSH bruteforce attacks

and a lot more.

[thamarok]

Not sure if it helps, but I found this the other day:
http://www.tripwire.com/products/enterprise/ost/
http://www.networkintrusion.co.uk/HIDS.htm
http://hogwash.sourceforge.net/docs/overview.html

[Burner]

Not sure if it helps, but I found this the other day:
http://www.tripwire.com/products/enterprise/ost/
http://www.networkintrusion.co.uk/HIDS.htm
http://hogwash.sourceforge.net/docs/overview.html

I have been using Tripwire before, but the I started to use FCheck. It does almost the same things.

The best IDS I have been using is LIDS(Linux Intrusion Detection System)

Combine LIDS with an tight configuration and serverM or Swatch, then you will have a rock solid GNU/Linux system