Hello,

I was just surfing around and found an interesting IDS:

Prelude Hybrid IDS
(http://www.prelude-ids.org/)

"Prelude is a new innovative Hybrid Intrusion Detection system designed to be very modular, distributed, rock solid and fast."

Interesting facts about this IDS:

"
we try to retrieve the "stimuli" and responses eventually associated to attacks at network level or at system level
...
Centralizing, Archiving, and Normalizing logs in a secure way
...
in practice we have as many sensors as possible (Prelude-NIDS, Centralized Syslogs, ...) deployed on the network which send their alerts to Security Managers.
...
Counter-measure agents are generic agents run on the machines which must react in case of an attack.
...
Libsafe is a preloadable library (through LD_PRELOAD directive or using an entry in /etc/ld.so.conf) which protect a program against the exploitation of vulnerabilities like buffer-overflows of bogus format string.
"

So, I would be interested:

- Are there any efforts made to adapt Prelude-IDS to gentoo, maybe in relation with gentoo-hardened?

- Is anyone already using Prelude-IDS on gentoo?

Daniel