Gentoo Archives: gentoo-user

From: "Fatih Tümen" <fthtmn+gentoo@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Advice for System monitor + Intrusion Detection tools?
Date: Fri, 19 Nov 2010 20:46:13
1 Hi,
3 I just want to beware of anything unusual instantly, preferably by
4 email. This is a single or two user laptop. Here are the few I gave a
5 shot:
7 Logsentry is very simple and easy to use with its plain rule files and
8 check script. It just works out of the box with almost zero
9 configuration. I only had to add couple of rules and modify
10 according to my syslog setup. But it seems to be
11 unmaintained and more importantly it is not real time. There is an
12 hourly cron job shipped with the package but running it more frequent
13 sounds like overdoing it.
15 I also checked logsurfer which comes with a init script, however, no
16 working configuration file and sort of confusing examples.
18 Aide, as an intrusion detection tool, has also very simple
19 configuration but it does not report in real time either. You have to
20 place the example cron job to cron directory of your choice manually.
21 Running it hourly loads the system every hour for couple of minutes.
22 Running it daily mean knowing about the intrusion only the day after.
23 I don't see the point of that, it may be too late for everything.
25 I read somewhere that snort was the most used one. At first glance
26 there are too many configuration variables. It just seems overmuch for
27 what I want on my system.
29 What I want is something like tail using inotify:
30 tail -f / | mail $ME :)
32 Seriously, are there [or is there a single] tool/s for {system,
33 network, log} monitoring and intrusion detection, using inotify to
34 watch and email the instant changes on a system? What do you use and
35 recommend for a home pc?
37 eix -cSz ntrusion and log monitor show what is available in portage
38 but asking to share experience is a lot better than emerge-try-unmerge
39 cycle. Hope you agree.
41 --
42    Fatih


Subject Author
Re: [gentoo-user] Advice for System monitor + Intrusion Detection tools? Alan McKinnon <alan.mckinnon@×××××.com>
Re: [gentoo-user] Advice for System monitor + Intrusion Detection tools? Stroller <stroller@××××××××××××××××××.uk>