Hey all,
A couple of weeks ago I did an initial deployment of an Intrusion
Detection System in our infrastructure. It utilizes the prelude stack,
and is currently powered by auditd and prelude-lml events. Audit gives
us a ridiculous amount of power with regarding to monitoring
everything that happens on a system. Prelude-lml, out of the box
using it's pcre plugin, is able to watch a large variety of service
logs, including many things we are running (asterisk, mod_security,
nagios, cacti, PAM, postfix, sendmail, selinux, shadowutils, sshd,
sudo). Prewikka is the web-based frontend
(
https://admin.fedoraproject.org/prewikka).
Permission denied post-login :)
But looking forward to seeing this in action :)
--Bret