Re: Light weight IDSes and then some

2005-07-16 Thread J.A. de Vries
On 2005-07-15 @ 11:58:26 (week 28) George P Boutwell wrote: > The Security Debian How-To mentions Tripwire. Looking at AIDE and > Tripwire in the debian packages repositories it's hard to tell the > difference. I'm sure they both do the job, anyone with experience > with both these packages can

Re: Light weight IDSes and then some

2005-07-16 Thread Paul Gear
George P Boutwell wrote: > ... >>>1) What are some projects/software for light IDS, specifically file >>>checksum/change control. I plan on doing the MD5 checksum floppy as >>>described in the Securing How-To, but then I want a software that >>>does that and e-mails my admin user whenever checks

Re: Light weight IDSes and then some

2005-07-15 Thread Rick Moen
Quoting George P Boutwell ([EMAIL PROTECTED]): > The Security Debian How-To mentions Tripwire. Looking at AIDE and > Tripwire in the debian packages repositories it's hard to tell the > difference. I'm sure they both do the job, anyone with experience > with both these packages can describe some

Re: Light weight IDSes and then some

2005-07-15 Thread Steve Kemp
On Fri, Jul 15, 2005 at 11:58:26AM -0500, George P Boutwell wrote: > The Security Debian How-To mentions Tripwire. Looking at AIDE and > Tripwire in the debian packages repositories it's hard to tell the > difference. I'm sure they both do the job, anyone with experience > with both these packag

Re: Light weight IDSes and then some

2005-07-15 Thread George P Boutwell
On 7/14/05, DI Peter Burgstaller <[EMAIL PROTECTED]> wrote: > > 1) What are some projects/software for light IDS, specifically file > > checksum/change control. I plan on doing the MD5 checksum floppy as > > described in the Securing How-To, but then I want a software that > > does that and e-ma

Re: Light weight IDSes and then some

2005-07-15 Thread George P Boutwell
On 7/15/05, Alec Berryman <[EMAIL PROTECTED]> wrote: > Let me clarify what I said: the directory which holds the content > accessible under http://www.example.com/~user/ is physically located > under the chroot, and a symlink to that directory is placed in the > user's home directory. Neither the u

Re: Light weight IDSes and then some

2005-07-15 Thread Alec Berryman
George P Boutwell on 2005-07-15 10:56:48 -0500: > On 7/15/05, Alec Berryman <[EMAIL PROTECTED]> wrote: > > OpenBSD places all of the user's public_html directories under the > > Apache chroot. I've found it no hassle to put a symlink in the user's > > directory, but then again I wasn't doing quot

Re: Light weight IDSes and then some

2005-07-15 Thread George P Boutwell
On 7/15/05, Alec Berryman <[EMAIL PROTECTED]> wrote: > OpenBSD places all of the user's public_html directories under the > Apache chroot. I've found it no hassle to put a symlink in the user's > directory, but then again I wasn't doing quotas. Alec, Thanks for the suggestion. I had thought of t

Re: Light weight IDSes and then some

2005-07-15 Thread Thomas Hochstein
George P Boutwell wrote: > 3) I'd like to provide some limited SFTP (SSH FTP) mechanisms for > select individuals, for these I would really like to do away with the > shell, but I haven't found a way, how can I provide a shell-less SFTP > or severely restricted SFTP service for these people? I

Re: Light weight IDSes and then some

2005-07-14 Thread Alec Berryman
George P Boutwell on 2005-07-14 18:02:40 -0500: > > > 2) Apache & or cgi-bins I use, were the cause of my closest to being > > > compromised situations. If I set-up Apache, PHP, cgis, etc in a > > > chroot jail, how can I still provide a /~username/ type set-up, as I > > > have at least 2 situ

Re: Light weight IDSes and then some

2005-07-14 Thread Brian Bilbrey
George P Boutwell wrote: ... It looks as though you've gotten at least one other reply, but I've not seen it/them (yet) 3) I'd like to provide some limited SFTP (SSH FTP) mechanisms for select individuals, for these I would really like to do away with the shell, but I haven't found a way, how

Re: Light weight IDSes and then some

2005-07-14 Thread George P Boutwell
On 7/14/05, DI Peter Burgstaller <[EMAIL PROTECTED]> wrote: > I'm using AIDE and am very happy with it. Thanks I'll look into it. > > 2) Apache & or cgi-bins I use, were the cause of my closest to being > > compromised situations. If I set-up Apache, PHP, cgis, etc in a > > chroot jail, how can

Light weight IDSes and then some

2005-07-14 Thread George P Boutwell
Hello, I currently have a Woody NAT/Firewall machine that provides internet to my home LAN. In addition to that it provides Web proxy and Web serving (mainly for a few pages for my family and friends). It's been running nicely for several years now. Last year I had 2 cases where I had near mi