I endorse this thread.
Questions pertaining to "stealthed" ports kind of make me LOL IRL
Thanks a lot, man.
You have made a huge effort; you are very nice.
Ubuntu: Hi... Microsoft: Goodbye...
HAHAHAHAHAHAHAHAHA
You are an absolute genius of security.
Thanks so much.
Daniel
Can I install both without creating any conflict?
If I install both, do they need a lot of CPU resources?
snort and ossec perform different tasks and are complementary. See :
Security Focus ~ An Introduction to Intrusion Detection Systems
Yes you can run them together. "lot of CPU" is subjective and means different things to different people. In general snort and ossec do not slow down your web server and if they do, IMO, your server is probably underpowered.
There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta
Code-based Intrusion Detection for Linux by Ohad Ben-Cohen and Avishai Wool :
http://www.korset.org/?page_id=2
Just a newbie question:
Does that info have any use for the desktop version of Ubuntu?
I do have ufw enabled and ports closed, but I want to monitor internet connections and other things. Can I use snort and the other thing for that?
Sorry, I know I look like an incompetent person now, but... I really am :)
Thanks very much for this post
No problem, ask away.
You are asking the right questions, but you will get a range of answers depending on who you ask.
Rather than turn this thread into a meandering debate re: firewalls and security, I would prefer to keep it on topic, i.e. intrusion detection.
My best advice is that you start by asking yourself what it is you are trying to accomplish and determine your own level of "paranoia". Next read through some of the links I provided and determine the right tool for the job.
ossec == HIDS
snort == NIDS
As most people come from a Windows background, the HIDS systems are most familiar. These are tools to monitor your host (desktop) for changes in system files. For example on Windows one scans for viruses or other malware (adblock software is often HIDS).
You are asking about NIDS, i.e. monitoring network traffic. Snort captures or monitors all network activity (packets) going to and coming from your desktop (or server). You will likely receive several thousand packets in short order; Snort filters through these thousands of packets by checking each packet against a set of "rules" and logs suspicious activity to a database (mysql). You then use Base to generate a "report" you can view in any web browser. From there you will need to research any "alerts". How you manage alerts then is also a matter of style.
There are other tools for each of these tasks, including wireshark (which will keep the contents of all packets, not just alerts), barnyard (as an alternative to mysql), etc.
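As an added example (not Snort's code, and not from the thread), here is the "check each packet against a set of rules" step reduced to a few dozen lines of Python: a parser for a small subset of Snort's rule syntax (the header with "any" wildcards, CIDR blocks and "!" negation on addresses, port ranges, and the msg/content/sid options) and a matcher run over constructed packets. The rules, the packet contents and the sids in the local 1000000+ range are made up for the example; real Snort rules have many more options (flow, pcre, byte_test, ...) and the real engine reassembles streams and normalises payloads before content matching, none of which this stand-in does.

```python
"""Added example, not Snort's code: a matcher for a small subset of Snort's
rule language, run over constructed packets. Subset supported (an
assumption of this example, not a complete grammar):

  action proto src sport -> dst dport (msg:"..."; content:"..."; sid:N;)

with 'any', CIDR and '!' negation on addresses and 'lo:hi' port ranges."""
import re
from ipaddress import ip_address, ip_network

# Rule header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)
# Options: "key:value;" pairs; the value may be a double-quoted string
OPT_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*);')


def parse_rule(text):
    """Parse one rule line into a dict; raises on anything outside the subset."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule: {text!r}")
    rule = m.groupdict()
    rule["opts"] = {k: v.strip('"') for k, v in OPT_RE.findall(rule["opts"])}
    return rule


def _ip_matches(spec, addr):
    """'any', a host, a CIDR block, or a '!' prefix meaning 'not in'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    hit = ip_address(addr) in ip_network(spec.lstrip("!"), strict=False)
    return hit != negate


def _port_matches(spec, port):
    """'any', a single port, or a range such as '1024:' or '1:1023'."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, _, hi = spec.partition(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule, pkt):
    """pkt is a dict: proto, src, sport, dst, dport, payload (bytes)."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    if not (_ip_matches(rule["src"], pkt["src"]) and _ip_matches(rule["dst"], pkt["dst"])):
        return False
    if not (_port_matches(rule["sport"], pkt["sport"]) and _port_matches(rule["dport"], pkt["dport"])):
        return False
    # content: a plain byte-string search in the payload, Snort's simplest payload test
    content = rule["opts"].get("content")
    return content is None or content.encode() in pkt["payload"]


def scan(rules, packets):
    """Return (sid, msg, src, dst) for each packet that trips an 'alert' rule."""
    return [
        (int(r["opts"]["sid"]), r["opts"]["msg"], p["src"], p["dst"])
        for p in packets
        for r in rules
        if r["action"] == "alert" and rule_matches(r, p)
    ]


# Constructed rules (local sid range) and packets for the demo
RULES = [parse_rule(r) for r in (
    'alert tcp !192.168.1.0/24 any -> 192.168.1.0/24 22 '
    '(msg:"SSH from outside the LAN"; sid:1000001;)',
    'alert tcp any any -> any 80 '
    '(msg:"Directory traversal in HTTP request"; content:"../../"; sid:1000002;)',
    'alert icmp any any -> 192.168.1.10 any (msg:"ICMP to web server"; sid:1000003;)',
)]

PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51000, "dst": "192.168.1.10", "dport": 22, "payload": b"SSH-2.0-OpenSSH_5.1"},
    {"proto": "tcp", "src": "192.168.1.20", "sport": 40000, "dst": "192.168.1.10", "dport": 22, "payload": b"SSH-2.0-OpenSSH_5.1"},
    {"proto": "tcp", "src": "203.0.113.9", "sport": 52000, "dst": "192.168.1.10", "dport": 80, "payload": b"GET /../../etc/passwd HTTP/1.0\r\n"},
    {"proto": "tcp", "src": "203.0.113.9", "sport": 52001, "dst": "192.168.1.10", "dport": 80, "payload": b"GET /index.html HTTP/1.0\r\n"},
    {"proto": "icmp", "src": "203.0.113.7", "sport": 0, "dst": "192.168.1.10", "dport": 0, "payload": b""},
]


def demo():
    return scan(RULES, PACKETS)


if __name__ == "__main__":
    for sid, msg, src, dst in demo():
        print(f"[1:{sid}] {msg} {src} -> {dst}")
```

Of the five constructed packets, the LAN-internal SSH connection and the benign GET pass silently; the other three each produce one alert. In a real deployment those alerts would be the rows Base reads back out of the database, and the research step the post mentions starts there.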
Just wanted to point out that there is a package with mysql logging support, I did it as indicated in the guide by djhedges and works great.
apt-get install snort-mysql