How to install Intrusion Detection system in Ubuntu 12.04

Solution 1

Snort is a Network Intrusion Detection System (NIDS). Snort can sniff your network and alert you, based on its rule DB, if there is an attack on your computer network. It is an open-source system that was built from tcpdump (a Linux sniffer tool).

This guide can be used for installing Snort.

psad: Intrusion Detection and Log Analysis with iptables

psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data.

If you are using 12.04 LTS Server, then see How to install PSAD Intrusion Detection on Ubuntu 12.04 LTS server.

Sources:
http://nachum234.no-ip.org/security/snort/1-snort-installation-on-ubuntu-11-10-i386/
http://www.cipherdyne.org/psad/index.html

Solution 2

You could take a look at fail2ban, which is directly contained in the repos (so you can simply "sudo apt-get install fail2ban"). I have used it for years now, and it has kept a lot of hackers out of my server by blocking them. Fail2ban works by parsing log files for specified patterns (it ships with a good sample config), and then blocking the attacker's IP -- e.g. if a hacker made 5 failed attempts to log in via ssh (even to different accounts), you can have his IP blocked for a specified length of time (e.g. 30min). There are examples shipped for different services; just take a look at the homepage for additional information.

Edit: Notifications are also possible (send a mail if something was detected).

Solution 3

To answer your question, a step-by-step configuration.

Also see this one, but the above worked better for me. Don't expect anything to work the first time though.

Author: One Zero

Updated on September 18, 2022

Comments

  • One Zero
    One Zero almost 2 years

    Basically I'm looking for some intrusion detection system....

    So I find Snort is one of them, so I need a step-by-step configuration to install Snort and some Snort web-based monitoring tool, like "Snort Report".

    Is there any good alternative intrusion detection system? If yes, how do I install it?

    • Mitch
      Mitch about 12 years
      I'm assuming 12.04 Server?
  • David Tod
    David Tod over 9 years
    Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.
  • 00fruX
    00fruX over 9 years
    I agree @Izzy. The page is so long though, I couldn't think of a practical way to answer other than copy/pasting all 50ish pages on the URL. That would have been a formatting nightmare! :)
  • David Tod
    David Tod over 9 years
    Well, you might at least rawly point out what it includes (maybe with some Wikipedia links to those products – I've only found Aanval there) plus a few words – I mean, Snort is widely known, the others I've not even heard of before), if it requires 5 years IT studies to deal with... So one knows at least what to expect and, if the page disappears one day, has some idea what to google for ;)
  • yellowsir
    yellowsir over 4 years
    the link is gone :/