Linux Users' Group of Davis (LUGOD)

Page last updated: 2004 Jun 30 13:00

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] Re: vox-tech Digest, Vol 1, Issue 1235

Hey folks...

> On Tuesday 29 June 2004 07:10 pm, Lewis Perdue wrote:
> > Back when our server was originally cracked, someone suggested that we
> > look at tripwire to monitor things once we had a clean install ... well,
> > we've got a clean install, but our investigation of Tripwire shows a GIANT
> > corporate Dilbert empire with layer upon layer of obfuscation and a set
> > of sticky hurdles to clear before even getting an evaluation unit ... they
> > boast of being able to monitor 2,500 servers, but Geez, folks how about
> > something for one or two servers?
>
> I thought tripwire was GPL?
>
>   http://sourceforge.net/projects/tripwire/
>
> > Isn't there an open-source alternative for this bloatware poster child?
> > Even something that does a simple checksum kinda thing on key system and
> > .conf files would be welcome.
>
> If you go to freshmeat.net and enter "intrusion detection"
> into the search box you'll see a ton of choices.  Perhaps
> someone else has specific recommendations....

Yeah...the bonus of commercial tripwire over GPL tripwire is wider OS
support (commercial supports Windows natively), and a monitoring console.
However, the Tripwire commercial console can be replaced using Prelude, an
Open Source Hybrid IDS that can poll data from multiple sources and
consolidate it into a single console, and that way you can use pure GPL
tripwire.  Right now Prelude natively supports Snort, Samhain (which is a
FIC/File Integrity Checker that fulfills your needs above), Nessus, and some
other stuff.  Additionally, many things that can log to syslog have support
via the Prelude LML (Log Management Lackey).  Here's a directory listing of
the current rulesets:

apc-emu.rules       ipfw.rules         pam.rules           ssh.rules
bigip.rules         ipso.rules         pcanywhere.rules    sudo.rules
cisco-pix.rules     Makefile           portsentry.rules    tripwire.rules
cisco-router.rules  Makefile.am        postfix.rules       unsupported
cisco-vpn.rules     Makefile.in        proftpd.rules       vigor.rules
clamav.rules        modsecurity.rules  qpopper.rules       vpopmail.rules
contrib             ms-sql.rules       sendmail.rules      wap11.rules
dell-om.rules       nagios.rules       shadow-utils.rules  webmin.rules
grsecurity.rules    navce.rules        simple.rules        wu-ftp.rules
honeyd.rules        netfilter.rules    single.rules
ipchains.rules      ntsyslog.rules     squid.rules

In short, Prelude is an excellent event consolidator/Hybrid IDS solution.
Anyone serious about Open Source security should probably have a look at it
at some point or another:

http://www.prelude-ids.org

Gene R Gomez

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
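The "simple checksum kinda thing on key system and .conf files" asked for above is the core of what Tripwire and Samhain do. The following is an added example, not code from the original post or from either project: it builds a baseline of SHA-256 digests plus ownership and permission metadata for a set of watched paths, stores it as JSON, and on a later run reports files that changed, went missing, or appeared. The `demo()` function constructs a throwaway `etc/` tree in a temporary directory (the file names and contents are made up for the demo) and simulates a config edit, a permission change, a deleted file and a new file so the report can be checked offline.

```python
"""Minimal file-integrity checker (added example; not Tripwire or Samhain code)."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 65536


def fingerprint(path: str) -> dict:
    """Content hash plus the metadata worth alerting on (mode/owner changes
    matter even when the bytes are identical)."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(CHUNK), b""):
                digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),   # permission bits only
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def build_baseline(roots) -> dict:
    """Fingerprint every regular file under the watched paths (files or dirs).
    Symlinks are skipped so a link swap cannot make us hash the wrong target."""
    baseline = {}
    for root in roots:
        root = Path(root)
        if root.is_dir():
            candidates = sorted(p for p in root.rglob("*")
                                if p.is_file() and not p.is_symlink())
        elif root.is_file() and not root.is_symlink():
            candidates = [root]
        else:
            continue
        for p in candidates:
            baseline[str(p)] = fingerprint(str(p))
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two baselines; 'changed' maps path -> list of attributes that differ."""
    report = {"changed": {}, "missing": [], "new": []}
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            report["missing"].append(path)
            continue
        diffs = sorted(k for k in old if old[k] != new[k])
        if diffs:
            report["changed"][path] = diffs
    report["missing"].sort()
    report["new"] = sorted(p for p in current if p not in baseline)
    return report


def save_baseline(baseline: dict, dest) -> None:
    Path(dest).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(src) -> dict:
    return json.loads(Path(src).read_text())


def demo() -> dict:
    """Build a constructed etc/ tree, take a baseline, tamper, and re-check.
    Paths in the returned report are relative to the temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp) / "etc"
        (etc / "ssh").mkdir(parents=True)
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "sudoers").write_text("root ALL=(ALL) ALL\n")
        os.chmod(etc / "sudoers", 0o440)          # fix the mode independent of umask
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline([etc]), baseline_file)

        # Simulated tampering between the two runs.
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")  # content edit
        os.chmod(etc / "sudoers", 0o666)                                   # permission change
        (etc / "hosts").unlink()                                           # deleted file
        (etc / "rc.local").write_text("#!/bin/sh\n")                       # new file

        report = compare(load_baseline(baseline_file), build_baseline([etc]))
        rel = lambda p: os.path.relpath(p, tmp)
        return {
            "changed": {rel(p): attrs for p, attrs in report["changed"].items()},
            "missing": [rel(p) for p in report["missing"]],
            "new": [rel(p) for p in report["new"]],
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The one thing this toy does not do that the real tools do is protect the baseline itself: if the JSON file is writable by whoever modified the monitored files, they can simply regenerate it. Keep the baseline on read-only media or another host, or sign it, which is exactly what Tripwire's and Samhain's signed databases are for; feeding the resulting reports into a console such as Prelude is then a separate, downstream step.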
