On Thursday 17 September 2009 12:33, CHAPLIN, JAMES (CTR) wrote:
>Is there a host based intrusion detection agent like Symantec's CSP for
>the s390x platform? We have hit a road block in that Symantec does not
>support the mainframe Linux. Right now they want us to route our syslogs
>to a windows box or Blade server($$$) to capture any data, and we do not
>like it.

I haven't tried this on zLinux because all our mainframes are far from the
public, but I use DenyHosts on all my Linux boxes with an external IP address:

	http://sourceforge.net/projects/denyhosts/

It's in Python, so it will run on s390x. It's pretty simple-minded: just
blocks hosts with too many SSH login failures. I don't know if it covers
other sorts of intrusion attempts or not.

What sort of intrusions are you trying to prevent? SSH? IMAP? Port scans?
Everything?

I haven't tried any of the following, but these packages might help:

	PortSentry: http://www.psionic.com/abacus/portsentry/
	LogCheck: http://www.psionic.com/abacus/logcheck/

There's also LIDS (http://www.lids.org/), but that's a kernel modification
and probably overkill. And if you want to find out what happened after
you've been compromised, there's the venerable TripWire
(http://www.tripwire.org/).

	- MacK.
-----
Edmund R. MacKenty
Software Architect
Rocket Software
275 Grove Street · Newton, MA 02466-2272 · USA
Tel: +1.617.614.4321
Email: m...@rs.com
Web: www.rocketsoftware.com

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
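
Added example, not part of the original message and not DenyHosts's own code: a minimal Python sketch of the approach described above, counting failed SSH logins per source address in sshd syslog lines and listing hosts over a threshold. The log lines, host name, user names, threshold and function names are constructed for illustration, and the output assumes TCP-wrappers style "sshd: <address>" deny entries.

```python
import re
from collections import Counter

# Constructed sample sshd syslog lines (documentation-range addresses).
# The fourth line has a username that itself contains " from <ip> port ..." text.
SAMPLE_LOG = """\
Sep 17 12:01:02 zlinux1 sshd[4101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Sep 17 12:01:05 zlinux1 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Sep 17 12:01:09 zlinux1 sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Sep 17 12:01:14 zlinux1 sshd[4105]: Failed password for invalid user x from 198.51.100.20 port 1 ssh2 from 203.0.113.7 port 40140 ssh2
Sep 17 12:02:11 zlinux1 sshd[4110]: Failed password for opsuser from 198.51.100.20 port 51514 ssh2
Sep 17 12:02:20 zlinux1 sshd[4110]: Accepted password for opsuser from 198.51.100.20 port 51514 ssh2
"""

# The pattern is anchored at the end of the line and the username part is
# greedy, so the address is always taken from sshd's own trailer and never
# from text supplied inside the username field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)


def failures_by_host(log_text):
    """Return a Counter mapping source address -> failed SSH login count."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line.rstrip())
        if match:
            counts[match.group(1)] += 1
    return counts


def hosts_to_block(log_text, threshold=3, allow=()):
    """Addresses with at least `threshold` failures, minus an allow list."""
    counts = failures_by_host(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allow)


def deny_lines(hosts):
    """Format addresses as TCP-wrappers deny entries (assumed output format)."""
    return [f"sshd: {ip}" for ip in hosts]


if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_block(SAMPLE_LOG))))
```

The allow list keeps an administrator's own address from being locked out after a few mistyped passwords.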