Hi,

I'd like to propose a minor change to
https://www.debian.org/doc/manuals/securing-debian-manual

While I have no argument with intrusion detection, I don't see anything
for active response. A metaphor would be Peter Cook and Dudley Moore's
extended joke:
https://www.youtube.com/watch?v=lbnkY1tBvMU

Anyway, I'd like to propose adding a section that describes ossec. While
I appreciate the detection aspect, I'm just a person who admins a server
farm of 6 Linodes mostly running WordPress. It took longer than it
should have to learn about ossec. I think an entry in the guide would be
helpful. Also, with DEFCON approaching, this seems an appropriate time
to start this discussion.

Cheers,
jec