From owner-freebsd-security  Thu May  3 17: 2: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 38F4837B422
	for <security@FreeBSD.ORG>; Thu,  3 May 2001 17:02:03 -0700 (PDT)
	(envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id RAA07855;
	Thu, 3 May 2001 17:01:40 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda07853; Thu May  3 17:01:22 2001
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.2/8.9.1) id f4401Gk31994;
	Thu, 3 May 2001 17:01:16 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdc31992; Thu May  3 17:00:50 2001
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.3/8.9.1) id f4400od16783;
	Thu, 3 May 2001 17:00:50 -0700 (PDT)
Message-Id: <200105040000.f4400od16783@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdx16779; Thu May  3 17:00:43 2001
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-Sender: schubert
To: Glenn G <glenn@geekazoid.com>
Cc: security@FreeBSD.ORG
Subject: Re: Security Monitors 
In-reply-to: Your message of "Thu, 03 May 2001 09:18:25 PDT."
             <3AF184D1.267A76D8@geekazoid.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 03 May 2001 17:00:43 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <3AF184D1.267A76D8@geekazoid.com>, Glenn G writes:
> Good Morning All!  I have a quick question regarding security
> monitoring.  We have a Linux server that was recently breeched
> (completely my fault btw.  Never got around to securing it up very
> well.)
> 
> To my point...FreeBSD has been much more secure in my limited experience
> than most other OS's out there.  I would however like to install more
> monitoring software on the box so it will alert me if there has been an
> attack.  I have been looking at "mon", "bro", and "logcheck".  Can
> anyone give any recommendations?  Experiences?

Take a look at swatch in ports.  Granted you'll need to define to 
swatch regular expressions in your logs that could trigger some action 
such as paging you on your cell phone/pager.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message