No subject


Thu Nov 23 16:36:19 EST 2017


The Linux Intrusion Detection System is a patch which enhances
the kernel's security. When it is in effect, access to chosen
files, all system/network administration operations, any
capability use, and raw device, mem, and I/O access can be
made impossible even for root. You can define which program
can access which file. It uses and extends the system
capabilities bounding set to control the whole system and
adds some network and filesystem security features to the
kernel to enhance security. You can finely tune the security
protections online, hide sensitive processes, receive security
alerts through the network, and more.

See also:  http://www.lids.org


Also from Freshmeat:

Snort is a lightweight network intrusion detection system,
capable of performing real-time traffic analysis and packet
logging on IP networks. It can perform protocol analysis,
content searching/matching and can be used to detect a
variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more. Snort uses a flexible rule-based
language to describe traffic that it should collect or pass,
and a modular detection engine. Snort has a real-time
alerting capability, with alert mechanisms for syslog, a user
specified file, a UNIX socket, or WinPopup messages to
Windows clients using Samba's smbclient.

See also: http://www.snort.org

Value is added by running snort even if you're only
protecting a single machine, unless you aren't running
any network services, in which case LIDS is plenty.
Of course, if you're not running any network services,
you don't need any protection at all unless you can't
depend on nobody walking up and cracking your machine.
Watch out for those rubber hoses in that case, too.  :)


~Patrick
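
[Added illustration, not part of Patrick's message and not code from
the Snort project.] The Freshmeat blurb above says Snort describes the
traffic it should collect or pass in a rule-based language with content
matching; the Python below is a miniature matcher in that style. It
parses rules written in Snort's header-plus-options syntax (a subset:
msg, sid, content with |hex| byte runs, nocase, dsize), runs them over
a handful of constructed packets, and evaluates pass rules before
alert rules, the Pass->Alert order that Snort's -o option selects.
The rules (sids 1 and 1001-1003), addresses and payloads are invented
for the example; real Snort supports many more options and this is a
model of rule semantics, not of its detection engine.

```python
"""Miniature Snort-style rule matcher: constructed illustration, not code from Snort.
Handles the rule header plus the msg, sid, content (with |hex| runs), nocase and dsize options."""
import re
from collections import namedtuple
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Packet = namedtuple("Packet", "proto src sport dst dport payload")  # payload is bytes

@dataclass
class Rule:
    action: str      # alert | log | pass
    proto: str       # tcp | udp | ip
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    sid: int = 0
    contents: List[Tuple[bytes, bool]] = field(default_factory=list)  # (needle, nocase)
    dsize: Optional[Tuple[str, int]] = None                            # (op, n)

HEADER = re.compile(r"^(alert|log|pass)\s+(tcp|udp|ip)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
OPTION = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')  # key:value; a quoted value may hold ';'

def content_bytes(text: str) -> bytes:
    out = bytearray()
    for i, seg in enumerate(text.split("|")):   # odd-numbered segments sit between pipes: hex bytes
        out += bytes.fromhex(seg) if i % 2 else seg.encode("latin-1")
    return bytes(out)

def parse_rule(line: str) -> Rule:
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError(f"bad rule header: {line!r}")
    action, proto, src, sport, dst, dport, body = m.groups()
    rule = Rule(action, proto, src, sport, dst, dport)
    for key, val in OPTION.findall(body):
        val = val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append((content_bytes(val), False))
        elif key == "nocase" and rule.contents:      # modifier: applies to the preceding content
            rule.contents[-1] = (rule.contents[-1][0], True)
        elif key == "dsize":                         # forms: 600, >500, <10
            op, num = (val[0], val[1:]) if val[0] in "<>" else ("=", val)
            rule.dsize = (op, int(num))
    return rule

def ip_match(spec: str, ip: str) -> bool:
    return spec[1:] != ip if spec.startswith("!") else spec in ("any", ip)

def port_match(spec: str, port: int) -> bool:
    if ":" in spec:                                  # range lo:hi, either side may be omitted
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return spec == "any" or int(spec) == port

def matches(rule: Rule, pkt: Packet) -> bool:
    """Cheap header checks first, then payload size, then every content string."""
    if (rule.proto not in ("ip", pkt.proto) or not ip_match(rule.src, pkt.src) or not ip_match(rule.dst, pkt.dst)
            or not port_match(rule.sport, pkt.sport) or not port_match(rule.dport, pkt.dport)):
        return False
    if rule.dsize:
        op, n, size = *rule.dsize, len(pkt.payload)
        if not {">": size > n, "<": size < n, "=": size == n}[op]:
            return False
    for needle, nocase in rule.contents:
        hay = pkt.payload.lower() if nocase else pkt.payload
        if (needle.lower() if nocase else needle) not in hay:
            return False
    return True

def inspect(rules: List[Rule], packets: List[Packet]) -> List[Tuple[int, str]]:
    """(sid, msg) per alert; pass rules are checked first, the Pass->Alert order Snort's -o selects."""
    passes = [r for r in rules if r.action == "pass"]
    alerts = [r for r in rules if r.action == "alert"]
    return [(r.sid, r.msg) for pkt in packets if not any(matches(p, pkt) for p in passes)
            for r in alerts if matches(r, pkt)]

# Constructed rules (sids and messages invented for this example)
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; nocase; sid:1001;)',
    'alert tcp any any -> any 143 (msg:"IMAP LOGIN overflow attempt"; content:"LOGIN"; dsize:>500; sid:1002;)',
    'alert tcp any any -> any 139 (msg:"SMB probe"; content:"|FF|SMB"; sid:1003;)',
    'pass tcp 10.0.0.5 any -> any any (msg:"authorised scanner"; sid:1;)',
)]
# Constructed traffic: CGI probe, benign request, oversized IMAP LOGIN, SMB probe, CGI probe from the scanner
PACKETS = [
    Packet("tcp", "192.0.2.10", 40000, "198.51.100.1", 80, b"GET /CGI-BIN/phf?Qalias=x HTTP/1.0\r\n\r\n"),
    Packet("tcp", "192.0.2.10", 40001, "198.51.100.1", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("tcp", "192.0.2.11", 40002, "198.51.100.2", 143, b"a001 LOGIN " + b"A" * 600 + b"\r\n"),
    Packet("tcp", "192.0.2.12", 40003, "198.51.100.3", 139, b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00"),
    Packet("tcp", "10.0.0.5", 40004, "198.51.100.1", 80, b"GET /cgi-bin/phf HTTP/1.0\r\n\r\n"),
]
```

Running inspect(RULES, PACKETS) yields three alerts (sids 1001, 1002,
1003): the uppercase CGI probe is caught because nocase lowers both
sides, the IMAP packet trips dsize:>500 together with the LOGIN
content, and the hex content |FF|SMB finds the SMB header. The benign
GET matches nothing, and the identical phf probe from 10.0.0.5 is
silenced by the pass rule, which is exactly the "collect or pass"
distinction the blurb describes.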