
Re: Intrusion Detection System



2008/9/10 Luke Macken <lmacken redhat com>:
> Hey all,
>
> A couple of weeks ago I did an initial deployment of an Intrusion
> Detection System in our infrastructure.  It utilizes the prelude stack,
> and is currently powered by auditd and prelude-lml events.  Audit gives
> us a ridiculous amount of power with regard to monitoring
> everything that happens on a system.  Prelude-lml, out of the box
> using its pcre plugin, is able to watch a large variety of service
> logs, including many things we are running (asterisk, mod_security,
> nagios, cacti, PAM, postfix, sendmail, selinux, shadowutils, sshd,
> sudo).  Prewikka is the web-based frontend
> (https://admin.fedoraproject.org/prewikka).
>

For the EL-5 systems, did you need to update audit from what is
provided by RHEL-5.2? It looked like it would be needed when I talked
with Steve Grubb because it required stuff that had not been ported to
EL-5. I would be interested in helping you test/document this. Where
can I start?


-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

