Intrusion Detection

As a part of your comprhensive security management the samhain host based intrusion detection system (HIDS) should be an integral component.

HIDS is a proactive measure to help avoid rootkits, unplanned system changes and other potentially nefarious activity.

Samhain Labs, samhain IDS

Samhain is a full system integrity monitoring and reporting application designed to alert you, good sysadmin, to suspect changes and activities on your host(s).

Samhain operates in a client/server daemon environment. Host file checksums and properties are centrally stored in a variety of database servers. e.g., PostgreSQL, MySQL, etc.

Extra documentation, details and FAQ's at: http://www.la-samhna.de/samhain

Samhain Installation and Configuration

Install and Preconfigure a Database Server

Choose a supported database server and have it installed and pre-configured prior to configuring samhain. I've chosen PostgreSQL.

Install

Ubunutu Feisty Fawn 7.04 has a samhain package in System Administration (universe).

apt-get install samhain

Configuration

Creative Commons License

Author: James B. Crocker

EMail: james@constantsc.net

http://i.creativecommons.org/l/by-sa/3.0/88x31.png

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.


CategorySecurity

samhainIDS (last edited 2013-08-20 14:24:31 by ubuntu-james-crocker)