Intrusion Detection System
Stephen John Smoogen
smooge at gmail.com
Thu Sep 11 00:40:34 UTC 2008
2008/9/10 Luke Macken <lmacken at redhat.com>:
> Hey all,
>
> A couple of weeks ago I did an initial deployment of an Intrusion
> Detection System in our infrastructure. It utilizes the prelude stack,
> and is currently powered by auditd and prelude-lml events. Audit gives
> us a ridiculous amount of power with regarding to monitoring
> everything that happens on a system. Prelude-lml, out of the box
> using it's pcre plugin, is able to watch a large variety of service
> logs, including many things we are running (asterisk, mod_security,
> nagios, cacti, PAM, postfix, sendmail, selinux, shadowutils, sshd,
> sudo). Prewikka is the web-based frontend
> (https://admin.fedoraproject.org/prewikka).
>
for the EL-5 systems.. did you need to update audit from what is
provided by RHEL-5.2? It looked like it would be needed when I talked
with Steve Grubb because it required stuff that had not been ported to
EL-5. I would be interested in helping you test/document this? Where
can I start?
--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the infrastructure
mailing list