Are there any good Intrusion Detection Systems out there for Linux?

Novell Cool Solutions: Question & Answer

Posted: 23 Feb 2005

Q:
Are there any good Intrusion Detection Systems out there for Linux?

A:
Yes. There is "snort" as a network IDS, which I used successfully in some projects. It should/might be accompanied by some analyzing tools, like "snortalog".

Not only Network-IDS comes to mind, but also, and just as important, system-/filesystem-IDS, like "aide" or "tripwire".

Also, don't forget to make the HUGE amount of Firewall-data understandable to people by using some sort of a log-analyzer like "fwlogwatch" or "logsurfer".

fwlogwatch and snortalog are not included in SLES 9 (but RPMs are available on request), but everything else (snort, aide, tripwire) should be there.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com
