IDS mailing list archives

Re: Linux/*nix open source IDS


From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 12 Aug 2003 11:58:18 -0500

I highly recommend that you look into the Sentry Tools (on Sourcefire). They're great for standalone boxes, easy to set up (but read the instructions *carefully* or you will lock yourself out of your own box except for the console), and easy to admin.

--On Tuesday, August 12, 2003 5:29 AM +0000 clmail2000 () yahoo com wrote:

I am interested in implementing an open source IDS for a Linux/*nix
system and have been looking into various different ones and the
sort of critiques they have received. Some of the products I am
considering are Tripwire, AIDE, Samhain, Integrit, and Osiris.
Because I had not been able to find very much commentary about
such packages (except for Tripwire), I would like to ask what
sort of experiences anyone has had with them and how they compare
with one another. Alternatively, if you can point me to where I can
find such information, that would also be much appreciated.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
