| 1 |
Hi, |
| 2 |
|
| 3 |
I just want to beware of anything unusual instantly, preferably by |
| 4 |
email. This is a single or two user laptop. Here are the few I gave a |
| 5 |
shot: |
| 6 |
|
| 7 |
Logsentry is very simple and easy to use with its plain rule files and |
| 8 |
check script. It just works out of the box with almost zero |
| 9 |
configuration. I only had to add couple of rules and modify |
| 10 |
logcheck.sh according to my syslog setup. But it seems to be |
| 11 |
unmaintained and more importantly it is not real time. There is an |
| 12 |
hourly cron job shipped with the package but running it more frequent |
| 13 |
sounds like overdoing it. |
| 14 |
|
| 15 |
I also checked logsurfer which comes with a init script, however, no |
| 16 |
working configuration file and sort of confusing examples. |
| 17 |
|
| 18 |
Aide, as an intrusion detection tool, has also very simple |
| 19 |
configuration but it does not report in real time either. You have to |
| 20 |
place the example cron job to cron directory of your choice manually. |
| 21 |
Running it hourly loads the system every hour for couple of minutes. |
| 22 |
Running it daily mean knowing about the intrusion only the day after. |
| 23 |
I don't see the point of that, it may be too late for everything. |
| 24 |
|
| 25 |
I read somewhere that snort was the most used one. At first glance |
| 26 |
there are too many configuration variables. It just seems overmuch for |
| 27 |
what I want on my system. |
| 28 |
|
| 29 |
What I want is something like tail using inotify: |
| 30 |
tail -f / | mail $ME :) |
| 31 |
|
| 32 |
Seriously, are there [or is there a single] tool/s for {system, |
| 33 |
network, log} monitoring and intrusion detection, using inotify to |
| 34 |
watch and email the instant changes on a system? What do you use and |
| 35 |
recommend for a home pc? |
| 36 |
|
| 37 |
eix -cSz ntrusion and log monitor show what is available in portage |
| 38 |
but asking to share experience is a lot better than emerge-try-unmerge |
| 39 |
cycle. Hope you agree. |
| 40 |
|
| 41 |
-- |
| 42 |
Fatih |
Archives