[ubuntu-hardened] Linux Intrusion Detection and you

Kees Cook kees at ubuntu.com
Wed Oct 31 16:17:39 GMT 2007

On Tue, Oct 30, 2007 at 11:05:48PM -0700, Jeff Schroeder wrote:
> This is really just to get a discussion going, but what does everyone
> think of integrating a decent set of IDS tools into Ubuntu?

I love the idea.  I'm personally a big fan of reactive IDS.  With snort
caught up to upstream versions again, that's a good place to start.  The
packaging for the inline mode needs work, though.

> Kees Cook has already mentioned putting auditd in main. Comprehensive

This was Mathias, but yes, I agree.  Getting a good audit framework will
help multiple programs.

> OSSEC upstream, Daniel Cid, is very easy to work with and open to new
> ideas / patches. The code is incredibly clean. We should look into
> packaging OSSEC and getting it into {Debian,Ubuntu}. Since extreme
> portability is a concern, the build scripts are a bit strange though.

I'm happy to help review uploads.  Getting people involved in MOTU[1] is
a great way to get these projects into Ubuntu.


[1] https://wiki.ubuntu.com/MOTU

Kees Cook
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20071031/e0f0a3bb/attachment.pgp 

More information about the ubuntu-hardened mailing list