What are some common tools for intrusion detection?


Solution 1

Snort

From their about page:

Originally released in 1998 by Sourcefire founder and CTO Martin Roesch, Snort is a free, open source network intrusion detection and prevention system capable of performing real-time traffic analysis and packet logging on IP networks. Initially called a “lightweight” intrusion detection technology, Snort has evolved into a mature, feature-rich IPS technology that has become the de facto standard in intrusion detection and prevention. With nearly 4 million downloads and approximately 300,000 registered users, Snort is the most widely deployed intrusion prevention technology in the world.

Solution 2

Why don’t you check http://sectools.org/?

Solution 3

Tripwire is an open source (though there's also a closed-source version) integrity checker that uses hashes to detect file modifications left behind by intruders.

Solution 4

OpenBSD has mtree(8): http://www.openbsd.org/cgi-bin/man.cgi?query=mtree It checks whether any files have changed in a given directory hierarchy.
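Tripwire and mtree both work the same way at their core: record a baseline of digests and metadata for every file in a tree, then rescan and report what was added, removed or altered. The following is an added example in Python (not code from Tripwire, mtree or this thread) that does exactly that on a constructed temporary tree; `demo()` builds a baseline, simulates an intrusion (a replaced binary, a dropped file, a deleted file) and returns the differences.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Map each regular file (relative path) to (digest, size, permission bits)."""
    baseline = {}
    for p in root.rglob("*"):
        if p.is_symlink() or not p.is_file():
            continue  # symlinks and special files are skipped in this simple version
        st = p.stat()
        baseline[p.relative_to(root).as_posix()] = (hash_file(p), st.st_size, st.st_mode & 0o7777)
    return baseline

def verify(root: Path, baseline: dict) -> dict:
    """Rescan the tree and return added / removed / changed relative paths."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in current.keys() & baseline.keys() if current[p] != baseline[p]),
    }

def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original binary")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        base = build_baseline(root)  # in practice, store this read-only or off-host
        # simulated intruder activity: trojaned binary, new file, deleted file
        (root / "bin" / "ls").write_bytes(b"trojaned binary")
        (root / "bin" / "backdoor").write_bytes(b"constructed sample payload")
        (root / "etc" / "passwd").unlink()
        return verify(root, base)

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: if an intruder can rewrite it alongside the files, the check is meaningless, which is why the real tools sign it or keep it on read-only media.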

Solution 5

Logcheck is a simple utility which is designed to allow a system administrator to view the logfiles which are produced upon hosts under their control.

It does this by mailing summaries of the logfiles to them, after first filtering out "normal" entries. Normal entries are entries which match one of the many included regular expression files contained in the database.

You should watch your logs as one part of a healthy security routine. It'll also help trap a lot of other (hardware, auth, load...) anomalies.

Author: setzamora

Updated on September 17, 2022

Comments

  • setzamora
    setzamora almost 2 years

    Please give a brief description for each tool.

  • gvkv
    gvkv almost 14 years
    Is that ad copy?