Ozymandias (Tux's lil' helper)
Joined: 10 Apr 2002 Posts: 81 Location: Netherlands
Posted: Fri Jul 05, 2002 12:05 am Post subject: anti hacker tools like tripwire
Hi there,
I run a Gentoo server, but would like to have something like Tripwire and a log reporter. What should I use?
greetz Ozy
delta407 (Bodhisattva)
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
Posted: Fri Jul 05, 2002 12:08 am
Why not use Tripwire?
_________________
I don't believe in witty sigs.
Nitro (Bodhisattva)
Joined: 08 Apr 2002 Posts: 661 Location: San Francisco
Posted: Fri Jul 05, 2002 12:19 am
Try running Snort + ACID. Snort is an IDS (intrusion detection system) and ACID shows the Snort logs in a readable form.
Snort: http://www.snort.org/
ACID: http://acidlab.sourceforge.net/
It isn't just an install and be done. You have to read the results and edit the rules. If I say '/bin/bash' (whoops, I just said it, huh?), Snort will log that it is a WEB-MISC bash exploit. Oh well, if someone hammers the heck outta your server you will see that too.
_________________
- Kyle Manna
Please, please SEARCH before posting.
There are three kinds of people in the world: those who can count, and those who can't.
Ozymandias (Tux's lil' helper)
Joined: 10 Apr 2002 Posts: 81 Location: Netherlands
Posted: Fri Jul 05, 2002 12:50 am
I looked into Snort a while ago; it looks a bit extensive for my use, but maybe I'll give it a try.
greetz ozy
elcesar (n00b)
Joined: 11 Jul 2002 Posts: 16
Posted: Tue Jul 16, 2002 6:43 am Post subject: Re: anti hacker tools like tripwire
Ozymandias wrote:
> Hi there,
> I run a Gentoo server, but would like to have something like Tripwire and a log reporter. What should I use?
> greetz Ozy

As a log reporter I suggest you use "metalog" to replace your old syslog. Its regular expression search through the log files will do what you want.
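To make the "regex search through the log files" idea concrete, here is an added example (not metalog itself, and not code from any poster in this thread) of the kind of filter chain such a log reporter applies: a list of labelled regular expressions is run top-down over syslog lines, the first match wins, and a small report summarises hits and flags a source that fails SSH authentication repeatedly. The log lines, rule labels and the threshold of three failures are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample syslog lines for the example (not real logs from anyone's server).
SAMPLE_LOG = """\
Jul 16 06:40:01 gw sshd[2311]: Failed password for root from 10.0.0.7 port 40122 ssh2
Jul 16 06:40:03 gw sshd[2311]: Failed password for root from 10.0.0.7 port 40123 ssh2
Jul 16 06:40:05 gw sshd[2311]: Failed password for root from 10.0.0.7 port 40124 ssh2
Jul 16 06:41:10 gw sshd[2340]: Accepted publickey for ozy from 192.168.1.20 port 51022 ssh2
Jul 16 06:42:00 gw su[2355]: (to root) ozy on /dev/pts/1
Jul 16 06:43:17 gw kernel: Out of Memory: Killed process 2402 (httpd).
Jul 16 06:44:30 gw cron[2410]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Hypothetical rule set in the spirit of a regex-driven log reporter:
# (label, compiled regex). Labels and patterns are assumptions for this example.
RULES = [
    ("ssh-failed-password",
     re.compile(r"sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)")),
    ("ssh-accepted",
     re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)")),
    ("su-to-root",
     re.compile(r"su\[\d+\]: \(to root\) (?P<user>\S+)")),
    ("kernel-oom",
     re.compile(r"kernel: Out of Memory")),
]


def scan(lines, rules=RULES):
    """Return [(label, named_groups, line)] for every line matching a rule.

    Rules are tried in order and the first match wins, mirroring a
    top-down filter chain; lines matching nothing are silently dropped."""
    hits = []
    for line in lines:
        for label, rx in rules:
            m = rx.search(line)
            if m:
                hits.append((label, m.groupdict(), line.rstrip()))
                break
    return hits


def brute_force_sources(hits, threshold=3):
    """Sources with at least `threshold` failed SSH passwords (threshold is an assumption)."""
    counts = Counter(h[1]["src"] for h in hits if h[0] == "ssh-failed-password")
    return {src: n for src, n in counts.items() if n >= threshold}


def report(text=SAMPLE_LOG):
    """Summarise one pass over the log: hits per label, repeat offenders, unmatched lines."""
    lines = text.splitlines()
    hits = scan(lines)
    return {
        "labels": Counter(h[0] for h in hits),
        "brute_force": brute_force_sources(hits),
        "unmatched": len(lines) - len(hits),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

The unmatched count is worth watching in a real deployment: a rule set that matches every line is usually too broad, and one that matches almost nothing is missing the events you care about.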
Xor (Tux's lil' helper)
Joined: 07 Jul 2002 Posts: 144
Posted: Tue Jul 16, 2002 9:39 am
delta407 wrote:
> Why not use Tripwire?

Seems Tripwire is finally GPL... anyway, AIDE is also quite good.
Chris W (l33t)
Joined: 25 Jun 2002 Posts: 972 Location: Brisbane, Australia
Posted: Tue Jul 16, 2002 10:26 am
For a not-quite-GPL option you could also look at PureSecure from Demarc.
It requires registration to download and is free (beer) for home use. It makes use of MySQL, Apache, Perl and Snort, and produces pretty WWW pages from them.
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein
argent (n00b)
Joined: 15 Aug 2002 Posts: 1 Location: Akron, Ohio
Posted: Thu Aug 15, 2002 1:30 am
Well, on the subject of IDSs....
There are two kinds: Network IDS (or NIDS) like Snort, etc., and Host IDS (or HIDS) like Tripwire.
NIDS are good for logging hack attempts against your network, like SYN attacks or Code Red attacks. But they won't tell you if your host has been compromised.
HIDS are good for telling if any files have been modified on your system, which *could* tell you if your system may have been hacked. But they won't tell you if anyone's trying to get in.
So, you need to figure out what you want to watch for, and choose accordingly.
argent
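The HIDS half of that distinction, "tell if any files have been modified", boils down to a baseline-and-compare loop, which the following added example (not Tripwire or AIDE code, and not from anyone in this thread) shows end to end: record a digest, permission bits and size for every file under a root, then diff a later snapshot against it and report what was added, removed or changed, naming which attribute moved. The demo tree, its "trojaned" binary and the permission change are constructed for the example. Note the usual HIDS caveat: the baseline has to be stored where an intruder with root cannot rewrite it (offline or read-only media), or the comparison proves nothing.

```python
import hashlib
import os
import stat
import tempfile


def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> (digest, mode, size) for every file under root.

    Symlinks are recorded by their target instead of being followed, so a
    link repointed at another file shows up as a change rather than being
    silently hashed through. Paths use '/' so reports are stable."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                baseline[rel] = ("symlink:" + os.readlink(full), stat.S_IMODE(st.st_mode), 0)
            elif stat.S_ISREG(st.st_mode):
                baseline[rel] = (file_digest(full), stat.S_IMODE(st.st_mode), st.st_size)
    return baseline


def compare(old, new):
    """What a HIDS would flag between two baselines.

    'changed' maps a path to the list of attributes that differ, so a
    permission-only change is distinguishable from replaced content."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {}
    for rel in set(old) & set(new):
        if old[rel] != new[rel]:
            changed[rel] = [field for field, a, b in
                            zip(("digest", "mode", "size"), old[rel], new[rel]) if a != b]
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed scenario: baseline a tiny fake filesystem, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/true\n")
        with open(os.path.join(root, "etc", "passwd"), "w") as f:
            f.write("root:x:0:0::/root:/bin/bash\n")
        with open(os.path.join(root, "etc", "shadow"), "w") as f:
            f.write("root:!:0:0:99999:7:::\n")
        os.chmod(os.path.join(root, "etc", "shadow"), 0o600)
        before = build_baseline(root)

        # Tampering: a replaced binary of identical size (size alone would miss it),
        # a loosened mode on shadow, a new hidden file, and a deleted file.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/tru3\n")
        os.chmod(os.path.join(root, "etc", "shadow"), 0o644)
        with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
            f.write(b"backdoor")
        os.remove(os.path.join(root, "etc", "passwd"))
        after = build_baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(kind, entries)
```

The same-size replacement of bin/ls is the reason a real HIDS hashes content rather than trusting size and mtime: both can be preserved by an attacker, a cryptographic digest of the bytes cannot.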