PDA

View Full Version : [ubuntu] Intrusion detection/prevention system



phoenixfire900
February 3rd, 2010, 06:16 PM
is there any Intrusion/prevention detection program with a GUI and an easy interface and has alerts that pop up whenever there is a threat?

running_rabbit07
February 3rd, 2010, 06:48 PM
...

diablo69er
February 3rd, 2010, 06:50 PM
Well their is arcsight..but that's well over a couple hundred thousand dollars...

As far as stuff that's free really is alls you need is SNORT. Maybe their is another program that someone else may know about that is a GUI. But my opinion is if your not willing to check your log files everyday..then a IDS is probably not going to benefit you much more anyways.

bodhi.zazen
February 4th, 2010, 12:05 AM
is there any Intrusion/prevention detection program with a GUI and an easy interface and has alerts that pop up whenever there is a threat?

If I had a pop up alert for every attempt to access my ssh server I would pull my teeth out.

Many of the intrusion detection systems can be configured to send you an email as an alert and many have a graphical web based interface.

At a bar minimum you need something like snort to at least filter out all the important stuff. If you use snort, use base, a web based gui.

For HIDS use OSSEC or Niagos

For desktop users you almost certainly do not need such a thing, thus most are web and email based for remote access to a server.

I highly advise against using firestarter as an intrusion detection system.