From: John.VanHouten@hurlburt.af.mil
To: freebsd-questions@FreeBSD.ORG
Subject: Question: Best IDS?
Date: Wed, 3 May 2000 16:26:19 -0500
Message-ID: <856532CB07BED3118FE300204840E28ACE4483@vexwncc02.hurlburt.af.mil>

Hi all....

I am really looking for opinions from this forum of individuals regarding use of IDS (Intrusion Detection Systems) on a FBSD box. Which application is best for this purpose? Both commercial and open source?

I presently run Tripwire daily, as well as a little perl script which runs through /var/log/messages looking for 'odd' activity... and of course the 'daily run' information FBSD provides, syslog, etc etc. I also run Nessus and SARA weekly on my machines - just to be sure.

What I would like is a good IDS package, and I am sure each one of you has their own idea of what is the best and why. While this is not FreeBSD specific, I have always respected the opinions of those that contribute to this list. If you think something is hot, I am sure it is.

Thanks in advance guys.

Cheers!

--John