Date: Sun, 13 Jan 2002 13:27:01 -0600 (CST)
From: admin
To: Simon Siemonsma
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Which intrusion detection to use?

Check out Veracity...I use snort and aide and tripwire on different
machines, and Veracity has piqued my interest just lately due to a post
from here. I will be giving it a trial run myself pretty soon. Here is
where you can find it....

Have a look at http://www.freeveracity.org

Let us know if you do use it, it's supposed to work very well on BSD.

--emacs

On Sun, 13 Jan 2002, Simon Siemonsma wrote:

> I have a FreeBSD box at home which I primarily use for internet access.
> All unnecessary daemons are switched off (I have inetd turned off) and I make
> use of IPFW.
> To even increase the security more I want to add a few things:
> 1. software that warns me when I'm under attack. I understood snort is a
> Network based Intrusion Detection System (NIDS), so not useful on a host.
> What are the alternatives on a host? I did read about portsentry but don't
> understand what the added benefit is over a tightly configured firewall. I
> mean I use stateful packet filtering, allowing connections to be built up
> from me to the internet and not the other way round. Further my ports are
> stealthed.
> 2. software which will detect that I'm hacked. Tripwire is a well-known name,
> but AIDE claims to do more. Integrit claims to be simpler and focus on the
> essentials.
>
> Does anyone have some recommendations for me?
> Other recommendations to increase my security are also welcome.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message