
Re: Recommend good IDS? was Re: /dev/shm/r?

by Nikolai Lusan-2

On Wed, 2009-06-03 at 08:53 -0700, john wrote:
> On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha <josh@...> wrote:
> > I'm surprised more people aren't running tripwire or other IDS.
> I'd be interested to hear some recommendations for IDS to run on
> internet facing servers. Especially from the point of view of ease of
> installation, ease of maintenance, quality of the tool, and ability to
> have it deliver really useful information to the admin.

It really depends on what you want. I'm using a combination of PADS
(Passive Attack Detection System) and fail2ban ... these can both be run
on either a host or a router, and integrate with netfilter. You can
customise what they are looking for to report and ban. Fail2ban is good,
it lets me blackhole people attempting nasty things in quick order ...
even better when combined with ipset and a decent firewall setup.
--
Nikolai Lusan <nikolai@...>

