Hi,

I just want to be aware of anything unusual instantly, preferably by email. This is a single or two user laptop. Here are the few I gave a shot:

Logsentry is very simple and easy to use with its plain rule files and check script. It just works out of the box with almost zero configuration. I only had to add a couple of rules and modify logcheck.sh according to my syslog setup. But it seems to be unmaintained and, more importantly, it is not real time. There is an hourly cron job shipped with the package, but running it more frequently sounds like overdoing it.

I also checked logsurfer, which comes with an init script; however, there is no working configuration file and the examples are sort of confusing.

Aide, as an intrusion detection tool, also has a very simple configuration, but it does not report in real time either. You have to place the example cron job in the cron directory of your choice manually. Running it hourly loads the system every hour for a couple of minutes. Running it daily means knowing about the intrusion only the day after. I don't see the point of that; it may be too late for everything.

I read somewhere that snort was the most used one. At first glance there are too many configuration variables. It just seems overmuch for what I want on my system.

What I want is something like tail using inotify:

tail -f / | mail $ME :)

Seriously, are there [or is there a single] tool/s for {system, network, log} monitoring and intrusion detection, using inotify to watch and email the instant changes on a system? What do you use and recommend for a home PC?

eix -cSz ntrusion and log monitor show what is available in portage, but asking to share experience is a lot better than an emerge-try-unmerge cycle. Hope you agree.

--
Fatih
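As an added illustration of the "tail -f | mail" idea from the post above (example code, not from the original message or any of the tools it names): an inotify-driven watcher that mails only the lines that pass a logcheck-style alert/ignore filter, and copes with log rotation. It assumes inotify-tools (inotifywait) and a working mail command are installed; the log path, mail recipient and rule patterns are assumptions to adapt to your own syslog setup. Note that GNU tail -F already uses inotify on Linux, so the real work is the filtering, not the watching.

```bash
#!/bin/sh
# Minimal inotify-based log watcher (added example, not from the original post).
# Assumed settings; override via the environment.
LOG=${LOG:-/var/log/messages}
MAILTO=${MAILTO:-root}

# Extended regexes: a line matching any of these is worth an email ...
ALERT_RULES='authentication failure|Failed password|Invalid user|sudo:.*COMMAND|segfault|promiscuous mode|oom-killer'
# ... unless it also matches the known-benign noise listed here (constructed example).
IGNORE_RULES='sudo:.*COMMAND=/usr/bin/eix '

# Print the subset of stdin lines that survive the alert and ignore rules.
# "|| true" keeps the function from failing (exit 1) when nothing matches.
filter_alerts() {
    grep -E -- "$ALERT_RULES" | grep -Ev -- "$IGNORE_RULES" || true
}

# Block on inotify until the log is written, then read only the bytes
# appended since the previous event and mail whatever the filter keeps.
watch_log() {
    offset=$(wc -c < "$LOG")
    inotifywait -m -e modify,create --format '%e' "$LOG" |
    while read -r _event; do
        size=$(wc -c < "$LOG")
        # A smaller file means the log was rotated or truncated: start over.
        if [ "$size" -lt "$offset" ]; then offset=0; fi
        alerts=$(tail -c +"$((offset + 1))" "$LOG" | head -c "$((size - offset))" | filter_alerts)
        offset=$size
        if [ -n "$alerts" ]; then
            printf '%s\n' "$alerts" | mail -s "[$(hostname)] log alert" "$MAILTO"
        fi
    done
}

if [ "${1:-}" = "--watch" ]; then
    watch_log
fi
```

Run it as `./watch.sh --watch` from a cron @reboot entry or an init script; the ignore list is what keeps the mailbox usable, so grow it as benign lines show up.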