Page 2 of 31
Results 11 to 20 of 309

Thread: Intrusion Detection

  1. #11
    Join Date
    Jan 2008
    Location
    /dev/null
    Beans
    2,793
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Intrusion Detection

    Quote Originally Posted by Rocket2DMn
    The Ubuntu Guru strikes again!

    Thanks bodhi, this thread is great, I think it's your best so far. I look forward to putting it to good use very soon.

    +1 You've outdone yourself this time

  2. #12
    Join Date
    Sep 2006
    Location
    Chicago
    Beans
    355

    Re: Intrusion Detection

    I endorse this thread.
    UbuntuBeginnersTeam
    UbuntuSecurity
    Blawg
    Questions pertaining to "stealthed" ports kind of make me LOL IRL

  3. #13
    Join Date
    May 2008
    Location
    jordan
    Beans
    311
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: Intrusion Detection

    Thanks a lot, man.

    You have made a huge effort. You are very nice.
    Ubuntu : Hi......Microsoft : GoodBye.....

    HAHAHAHAHAHAHAHAHA

  4. #14
    Join Date
    Jan 2006
    Beans
    201

    Re: Intrusion Detection

    You are an absolute genius of security.

    Thanks so much.

    Daniel

  5. #15
    Join Date
    Feb 2008
    Location
    http://www.Lundro.AL
    Beans
    50
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Intrusion Detection

    Can I install both without creating any conflict?

    If I install both, do they need a lot of CPU resources?

  6. #16
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by etusha
    Can I install both without creating any conflict?

    If I install both, do they need a lot of CPU resources?

    snort and ossec perform different tasks and are complementary. See:

    Security Focus ~ An Introduction to Intrusion Detection Systems

    Yes you can run them together. "lot of CPU" is subjective and means different things to different people. In general snort and ossec do not slow down your web server and if they do, IMO, your server is probably underpowered.
    Last edited by bodhi.zazen; October 1st, 2008 at 04:11 PM.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  7. #17
    Join Date
    Nov 2005
    Beans
    9

    Re: Intrusion Detection Korset

    Code-based Intrusion Detection for Linux by Ohad Ben-Cohen and Avishai Wool:
    http://www.korset.org/?page_id=2

  8. #18
    Join Date
    Sep 2007
    Location
    Nothern Side of the Earth
    Beans
    70
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Intrusion Detection

    Just a newbie question:
    Does that info have any use for the desktop version of Ubuntu?
    I do have ufw enabled and ports closed, but I want to monitor internet connections and other things. Can I use snort and the other thing for that???
    Sorry, I know I do look like an incompetent person now, but... I really am)))
    Thanks very much for this post
    "I recommend Ubuntu." Bill Gates
    "Let's install Ubuntu on Mac." Steve Jobs
    (Ubuntu - linux for human beings, get it free at www.ubuntu.com)

  9. #19
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by RRFarFar
    Just a newbie question:
    Does that info have any use for the desktop version of Ubuntu?
    I do have ufw enabled and ports closed, but I want to monitor internet connections and other things. Can I use snort and the other thing for that???
    Sorry, I know I do look like an incompetent person now, but... I really am)))
    Thanks very much for this post

    No problem, ask away.

    You are asking the right questions, but you will get a range of answers depending on who you ask.

    Rather than turn this thread into a meandering debate re: firewalls and security, I would prefer to keep it on topic, i.e. intrusion detection.

    My best advice is that you start by asking yourself what it is you are trying to accomplish and determine your own level of "paranoia". Next read through some of the links I provided and determine the right tool for the job.

    ossec == HIDS
    snort == NIDS

    As most people come from a Windows background, the HIDS systems are most familiar. These are tools to monitor your host (desktop) for changes in system files. For example, on Windows one scans for viruses or other malware (adblock software is often HIDS).

    You are asking about NIDS, i.e. monitoring network traffic. Snort captures or monitors all network activity (packets) going to and coming from your Desktop (or server). You will likely receive several thousand packets in short order. Snort filters through these thousands of packets by checking each packet against a set of "rules" and logs suspicious activity to a database (mysql). You then use Base to generate a "report" you can view on any web browser. From there you will need to research any "alerts". How you manage alerts then is also a matter of style.

    There are other tools for each of these tasks including wireshark (which will keep the contents of all packets, not just alerts), barnyard (as an alternate to mysql) etc.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface
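
As an added illustration of the alert-review step described in the post above (not part of the original thread or any poster's code): a short Python script that parses Snort alerts and groups them by signature, roughly what a BASE report summarizes. It assumes Snort's text `alert_fast` output rather than the MySQL logging discussed in the thread; the sample lines, rule messages, sids and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Snort's alert_fast layout (not from the thread).
SAMPLE_ALERTS = """\
10/01-16:02:11.104233  [**] [1:1000001:1] EXAMPLE inbound SSH connection attempt [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:51514 -> 192.0.2.10:22
10/01-16:02:12.550871  [**] [1:1000002:2] EXAMPLE suspicious HTTP request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.9:40022 -> 192.0.2.10:80
10/01-16:02:13.000120  [**] [1:1000001:1] EXAMPLE inbound SSH connection attempt [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.8:51999 -> 192.0.2.10:22
10/01-16:02:14.730004  [**] [1:1000003:1] EXAMPLE ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
this line is not an alert and is skipped
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def host(endpoint):
    # Strip a trailing :port from an IPv4 endpoint; ICMP alerts carry no port.
    return endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint

def parse_alerts(text):
    """Return one dict per well-formed alert line; other lines are ignored."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            a = m.groupdict()
            a["prio"] = int(a["prio"])
            alerts.append(a)
    return alerts

def triage(alerts):
    """Group by signature; most severe first (priority 1 is highest), then by count."""
    groups = defaultdict(lambda: {"count": 0, "sources": set()})
    for a in alerts:
        g = groups[(a["prio"], a["sid"], a["msg"])]
        g["count"] += 1
        g["sources"].add(host(a["src"]))
    ordered = sorted(groups.items(), key=lambda kv: (kv[0][0], -kv[1]["count"]))
    return [{"priority": p, "sid": sid, "msg": msg, "count": g["count"],
             "sources": sorted(g["sources"])} for (p, sid, msg), g in ordered]

if __name__ == "__main__":
    for row in triage(parse_alerts(SAMPLE_ALERTS)):
        print(row)
```

Each row of the summary is one signature to research: what the rule matches, which sources triggered it, and how often.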

  10. #20
    Join Date
    Jun 2008
    Location
    Colombia
    Beans
    443

    Re: Intrusion Detection

    Quote Originally Posted by bodhi.zazen
    Although snort is in the repositories you will need to compile snort yourself. This is because the binary in Ubuntu does not have support for snort logging to a mysql database enabled.

    Just wanted to point out that there is a package with mysql logging support. I did it as indicated in the guide by djhedges and it works great.

    apt-get install snort-mysql
