On Thu, 25 Jan 2001, Michael Jung wrote:
> > Use logcheck by Psionic software. Works great on e-smith. I have
> > been using
> > it since the early days of ver 3.
> >
> > http://www.psionic.com/
>
> Yes I can confirm, I also use portsentry (same company) on my 4.0b7 system
> to add an ipchains rule after a portscan is detected by the
s-smith-server.
> I'd think carefully before doing that. Running portsentry opens you up to
> a denial of service attack, without necessarily adding any protection.
True but this can be minimized by turning off any autoresponse features and
portscan detection. (Both of which are unnecessary IMHO)
> If your box has no exploitable vulnerabilities, the portscan is harmless.
> If it has vulnerabilities, then portsentry won't necessarily help you.
Again true, I only use it to watch for any systematic attack patterns from
any particular source.
If I could only figure out a way to pipe my IPChain logs onto the PIP on my
TV....
> Justin, I'd be very happy to have a contributed e-smith-logcheck RPM :-)
Apparently you e-smith guys have found a miracle drug that somehow lets you
work 24 hours a day with no sleep.
I had considered it but I am working on the "Big Brother" rpm for
centralized e-smith service monitoring that is turning into be more of a
project than I expected. Stay tuned...
J.
--
This list is archived
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
