[CentOS] Intrusion Detection Systems

2007-09-26 Thread John Hinton
Situation: We are providing hosting services. I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too many

Re: [CentOS] Intrusion Detection Systems

2007-09-26 Thread Mark D. Foster
John Hinton wrote: > ... > There does seem to be flexibility among these three systems in having > the ability to monitor just about any log system and take action based > on failed logins for instance. > > So, what's the word from the list? Pros, cons or other directions? I've always been rather fon

Re: [CentOS] Intrusion Detection Systems

2007-09-26 Thread Stephen John Smoogen
On 9/26/07, John Hinton <[EMAIL PROTECTED]> wrote: > Situation: We are providing hosting services. > > I've grown tired of the various kiddie scripts/dictionary attacks on > various services. The latest has been against vsftpd, on systems that I > can't easily control vs. putting strict limits on s

Re: [CentOS] Intrusion Detection Systems

2007-09-27 Thread John Hinton
Stephen John Smoogen wrote: On 9/26/07, John Hinton <[EMAIL PROTECTED]> wrote: Situation: We are providing hosting services. I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. p

Re: [CentOS] Intrusion Detection Systems

2007-09-30 Thread Lanny Marcus
On 27 September 2007, John Hinton <[EMAIL PROTECTED]> wrote: > Message: 50 > Date: Thu, 27 Sep 2007 03:13:00 -0400 > > WOW! I just did an install of OSSEC on a couple of servers and so far > I'm very impressed. First, the installation was as good as anything John: Sounds like you are very please

Re: [CentOS] Intrusion Detection Systems

2007-09-30 Thread John Hinton
Lanny Marcus wrote: On 27 September 2007, John Hinton <[EMAIL PROTECTED]> wrote: Message: 50 Date: Thu, 27 Sep 2007 03:13:00 -0400 WOW! I just did an install of OSSEC on a couple of servers and so far I'm very impressed. First, the installation was as good as anything John: Sounds li

Re: [CentOS] Intrusion Detection Systems

2007-09-30 Thread Les Bell
John Hinton <[EMAIL PROTECTED]> wrote: >> I did look at snort and actually some people run both snort and OSSEC. I don't remember the reasons. << Simply put, they're different things. Snort is a network IDS which examines network traffic packets, looking for the signatures of various attacks. OS