New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !
Intrusion detection
Intrusion detection
I'd be interested in hearing what, if any, kinds of intrusion detection other Bubba owners are using, especially tripwire, or similar programs. Right now I don't have anything like that, but it's a layer of security I would like to add, and I'd love to hear what you guys think the best options are for that purpose.
Re: Intrusion detection
I used tripwire and snort for a while after a break-in in another machine. They are not difficult to install, but they require a LOT of time configuring properly and (for snort) even more time checking and maintaining. For tripwire you need to make a fresh reference image after every software update. In my opinion, if you're not willing to spend serious time on these things they're not really worth installing.
Re: Intrusion detection
Thanks, Ubi - I'm at least going to give it a shot. I know it's unlikely, but I'd really like some assurance that my machine hasn't been rootkitted.
Re: Intrusion detection
That's why I like ARM-based servers, like the B1 or B3. Scriptkddies generally do not expect non-Intel chipsets and their binary h4x0rz progs fail to run 
. Be aware that for tripwire to work you MUST hook up a read-only network share or CDrom. USB with read-only switches will not work.
. Be aware that for tripwire to work you MUST hook up a read-only network share or CDrom. USB with read-only switches will not work.