[ubuntu-hardened] Linux Intrusion Detection and you
Kees Cook
kees at ubuntu.com
Wed Oct 31 16:17:39 GMT 2007
On Tue, Oct 30, 2007 at 11:05:48PM -0700, Jeff Schroeder wrote:
> This is really just to get a discussion going, but what does everyone
> think of integrating a decent set of IDS tools into Ubuntu?

I love the idea. I'm personally a big fan of reactive IDS. With snort
caught up to upstream versions again, that's a good place to start. The
packaging for the inline mode needs work, though.

> Kees Cook has already mentioned putting auditd in main. Comprehensive

This was Mathias, but yes, I agree. Getting a good audit framework will
help multiple programs.

> OSSEC upstream, Daniel Cid, is very easy to work with and open to new
> ideas / patches. The code is incredibly clean. We should look into
> packaging OSSEC and getting it into {Debian,Ubuntu}. Since extreme
> portability is a concern, the build scripts are a bit strange though.

I'm happy to help review uploads. Getting people involved in MOTU[1] is
a great way to get these projects into Ubuntu.

-Kees

[1] https://wiki.ubuntu.com/MOTU
--
Kees Cook