Any IDS tool similar to LIDS?

I tried but failed to install LIDS on Debian, so I have to find a replacement.

I'm not sure, but LIDS won't be the ONLY IDS system that works on kernel level, so is there any IDS tool similar to LIDS? Even better ones?

BTW, LIDS sucks: bad documents, bad support... absofuckinglutely a nightmare.

5 Replies

The common recommended ones are:

Tripwire (Paid) - http://www.tripwire.com/

AIDE (Free) - http://aide.sourceforge.net/

However, if you're running a web server, some say it is too resource intensive. It might be better to have a cron job run rkhunter (http://www.rootkit.nl/) or chkrootkit (http://www.chkrootkit.org/) and have the original system hashes stored on a separate system.

I asked a similar question not so long ago on Server Fault. Hopefully some of the tips there can help you:

http://serverfault.com/questions/202112/web-server-security-overkill

I am a newbie in this area as well, so hopefully someone can be more informative!

Best of luck!

Thanks a lot + a lot + a lot.

As far as I know, LIDS can protect the kernel but Tripwire cannot.

I guess, if you use LIDS, it's impossible to install a rootkit into your system; it cannot be really hacked.

If you use Tripwire instead, you can find out that the system has been hacked if it has been, but then you also have to reinstall the OS.

Am I right?

BTW, is it really necessary to disable the password authentication of SSH? The length of my root password is 40, isn't that safe enough?

@decbin:

BTW, is it really necessary to disable the password authentication of SSH? The length of my root password is 40, isn't that safe enough?

Once configured, key auth is much simpler to use. It's more portable, less dependent on your memory, and also many, many times more secure.

@akerl:

It's more portable, less dependent on your memory, and also many, many times more secure.

Let me know how I can log on from a random remote machine without carrying around a USB stick with my key on it and I'll agree that it's more portable. Until then, key-only auth is uselessly restrictive since it prevents me from logging in without carrying storage media around with me at all times.

@Guspaz:

@akerl:

It's more portable, less dependent on your memory, and also many, many times more secure.

Let me know how I can log on from a random remote machine without carrying around a USB stick with my key on it and I'll agree that it's more portable. Until then, key-only auth is uselessly restrictive since it prevents me from logging in without carrying storage media around with me at all times.

And that's why I'm grateful for lish!
