ANNOUNCE: guard - real time log parser
Hanus Adler
had at articon.cz
Fri Jul 9 16:18:39 CEST 1999
On 9 Jul 1999 12:02:24 +0200, Ondrej Suchy <ondrej.suchy at underground.cz> wrote:
>at http://www.penguin.cz/~ondrej/guard/ you can download the guard
>program to _try out_.
>
>it is a sort of attempt at an "intrusion detection system", but it rather turned out
and how does it differ from logcheck (http://www.psionic.com/abacus):
Logcheck is software package that is designed to automatically
run and check system log files for security violations and
unusual activity. Logcheck utilizes a program called logtail
that remembers the last position it read from in a log file and
uses this position on subsequent runs to process new
information. All source code is available for review and the
implementation was kept simple to avoid problems. This package
is a clone of the frequentcheck.sh script from the Trusted
Information Systems Gauntlet(tm) firewall package. TIS has
granted permission for me to clone this package.
while we are at it, I also recommend sentry (at the same address):
The Sentry Port Scan Detector is part of the Abacus Project
suite of tools. The Abacus Project is an initiative to release
low-maintenance, generic, and reliable host based intrusion
detection software to the Internet community. More information
can be obtained from http://www.psionic.com.
Regards,
Hanuš Adler
--
"The day Microsoft will make something that doesn't suck is probably the
day they'll start making vacuum cleaners."
-- anonymous
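
Added example, not part of the original message and not logcheck's or logtail's own code: a sketch of the offset-remembering approach the logcheck description attributes to logtail, so that each run scans only log lines written since the previous run. The JSON state file, the inode and size checks for rotated or truncated logs, the keyword pattern and the sample log lines are all assumptions constructed for this illustration.

```python
import json
import os
import re
import tempfile

# Constructed keyword pattern; logcheck ships its own keyword files (not reproduced here).
SUSPICIOUS = re.compile(r"failed password|refused connect|illegal", re.I)

def read_new_lines(log_path, state_path):
    """Return complete lines appended since the last run (inode + byte offset)."""
    st = os.stat(log_path)
    state = {"inode": None, "offset": 0}
    if os.path.exists(state_path):
        with open(state_path) as fh:
            state = json.load(fh)
    # Rotated (new inode) or truncated (shorter than saved offset): start over.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}
    with open(log_path, "rb") as fh:
        fh.seek(state["offset"])
        data = fh.read()
    # Consume only whole lines so a half-written entry is re-read next run.
    end = data.rfind(b"\n") + 1
    state["offset"] += end
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_path)  # atomic update of the remembered position
    return data[:end].decode("utf-8", "replace").splitlines()

def check(log_path, state_path):
    return [l for l in read_new_lines(log_path, state_path) if SUSPICIOUS.search(l)]

def demo():
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "messages"), os.path.join(d, "messages.offset")
    with open(log, "w") as fh:  # constructed sample entries
        fh.write("Jul  9 16:01:02 host sshd[101]: Failed password for root from 192.0.2.7\n")
        fh.write("Jul  9 16:01:05 host cron[88]: job started\n")
    first = check(log, state)
    second = check(log, state)  # nothing appended since the first run
    with open(log, "a") as fh:
        fh.write("Jul  9 16:02:00 host in.telnetd[9]: refused connect from 192.0.2.9\n")
    third = check(log, state)
    with open(log, "w") as fh:  # log truncated and restarted
        fh.write("Jul  9 16:03:00 host ftpd[5]: ILLEGAL port command\n")
    fourth = check(log, state)
    return first, second, third, fourth

if __name__ == "__main__":
    for result in demo():
        print(result)
```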