As a self-assigned task at my place of employment I've been investigating Prelude, honeypots, malware collection, host intrusion detection systems, integration of intrusion detection systems like Snort, integration of Linux systems with Active Directory domains, and the like.
I would prefer not to discuss too much specific information about my employment or our network, as my employer is rather high-profile. I will say that I am effectively fighting political pressure, as these tasks are "interesting" to management but are very shaking and would invalidate and replace a lot of our current related infrastructure; and I am researching things I know will never happen (such as Exchange integration for Linux desktops -- unless someone at Canonical wants to seriously work with me on fully internal network integration and management, we will NEVER run Linux desktops here).

At any rate, I have found some rough edges installing Prelude, nothing major or hard to fix though. I've also found that mwcollectd isn't a part of Ubuntu. Finally, Ubuntu 8.04 has Snort 2.7; Snort 2.8 is in 8.10, so of course this is not a problem.

What I would like to do is get enough packages in Ubuntu Universe to a useful state to accomplish several tasks. These include:

- A Prelude-manager concentrator and Prewikka interface
- Prelude-LML monitoring various logs
- HoneyD running various personalities
- mwcollectd running
- snort running
- ossec running

There are some other things not needed for me, but also interesting; in particular, Argos (a Qemu modification that detects attacks).

Any thoughts? Should I just file bugs on rough edges and lobby for mwcollectd inclusion? Much of this already functions (Prelude works pretty well, HoneyD is included, Snort works well).

--
Ubuntu-devel-discuss mailing list
