
BLU Discuss list archive



intrusion detection/prevention



On Tue, 2009-06-30 at 13:22 -0400, Ryan Pugatch wrote:

> Hi all,
> 
> Looking into my options for intrusion detection and prevention. Top of 
> the list, of course, is Snort either open source or on a Sourcefire 
> appliance.  I am wondering if anyone has any suggestions or 
> recommendations.
> 
> Thanks
> 


I have personally used tripwire, portsentry, and snort / Oinkmaster over
the last several years ...and have now dropped everything except
Snort/Oinkmaster. Tripwire annoyed me as it emailed me masses of stuff
every day about what had NOT changed. Portsentry tended to clog up the
iptables with things it found bothersome, which meant I kept having to
flush the tables. I could have set it to 'no action', but then what was
the point?

Snort and OinkMaster are a good answer for me, YMMV :)

Richard








BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
