Remember that a HIDS (host IDS) is just a detective control on the
host. It shows that you have been hacked; you will probably want a
good NIDS (network IDS) to see what attacks are being attempted over
the wire.
HIDS is good to quickly detect a compromise...
http://sourceforge.net/projects/aide
http://packages.debian.org/search?keywords=aide

On Jun 3, 2009, at 9:55 AM, Boyd Stephen Smith Jr. wrote:
> In <2be970b50906030853t29dfb90atd60089611f98e336@...>, john wrote:
>> On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha <josh@...> wrote:
>>> I'm surprised more people aren't running tripwire or other IDS.
>>
>> I'd be interested to hear some recommendations for IDS to run on
>> internet facing servers.
>
> I inherited a tripwire installation at some point. It was one mail message
> per day (and if you didn't get that message you knew something was wrong).
>
> It required a bit of tuning to not report errors regularly, but once I spent
> that time it was fairly hands-off.
> --
> Boyd Stephen Smith Jr.                 ,= ,-_-. =.
> bss@...                               ((_/)o o(\_))
> ICQ: 514984 YM/AIM: DaTwinkDaddy       `-'(. .)`-'
> http://iguanasuicide.net/                  \_/
>