Intrusion Detection System for LEB
Dolingo Member
edited December 2012 in General

I'm looking for an intrusion detection system for my new LEB. Currently I'm using OSSEC but I would like to hear your opinion before go ahead.

Comments

  • erhwegesrgsr Member
    edited December 2012
    $ cat /etc/profile.d/haxoralert
    #!/bin/sh
    # Sourced by every interactive login shell; mail(1) reads the body from stdin and takes the subject via -s.
    echo "omg, haxor!! $(who)" | mail -s "login on $(hostname)" [email protected]
  • @bronzebyte has hit the nail on the head... Make a mailer script that fires you something every time it's logged in, otherwise.... just lock it down to keys? :P

  • Simple and useful. Thank you.
    On the other hand what do you think of solutions like OSSEC in a LEB environment.

  • AIDE

  • There are a lot of solutions for building tripwire-like detection (or Tripwire itself); just find the one that suits you.
    OSSEC may be a bit overkill imo

  • jarjar Patron Provider, Top Host, Veteran
    edited December 2012

    CSF/LFD are simple and effective. I can't imagine many of us needing more than that setup offers. It's just so easy to build something so effective with that installation and 15 minutes of your time. Unless I'm misunderstanding the need.

  • lol, as if anyone cares enough to try and intrude a LEB
    stop being pretentious

  • jarjar Patron Provider, Top Host, Veteran
    edited December 2012

    @gubbyte said: stop being pretentious

    Depends on the content and the audience. Quality doesn't always scale in sync with quantity...of ram.

  • @gubbyte.... You're clearly missing the point?

    There are hundreds of thousands of "bots" out there that are auto attempting to brute their way inside of LEBs to join a botnet for DDOS fun. Think I'd want to know of any intrusion prior to getting a suspension notice.

    Not to mention, most users use these for personal blogs, testing, development, what if you had a really good program development going on which you were keeping closed? Then some arsehole gets in and ruins it / steals it?

    Don't assume a LEB has nothing personal or good inside of them, since it's not about the specification.

    For instance, 'some' hosts here may use LEB's to host their SolusVM Master, so they can keep off-site control panels for their on-site VPS nodes. Would you want that being intruded? With API access through WHMCS which has Client data? Not to mention, some hosts using LEBs to host their WHMCS installs too.

    /rant.

  • kbeezie Member
    edited December 2012

    @gubbyte said: lol, as if anyone cares enough to try and intrude a LEB

    stop being pretentious

    Course from the outside, how do you know it's a LEB unless told?

    Far as the OP's question, on top of just having an automated email alert (if that's your thing, could even set it not to email you if it's a common IP address you always use), it's probably also best to shut down everything you don't use, like some people will only have ssh and www running, with ssh running on an alternate port.

    @eastonch said: There's hundreds of thousands of "bots" out there that are auto attempting to brute their way inside of LEB's to join a botnet for DDOS fun. Think I'd want to know of any intrusion prior to getting a suspension notice.

    In those situations, I'd rather have fail2ban, or something that would ban an IP for too many denied attempts in the auth/secure log.
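    The two ideas in this thread (a login alert that stays quiet for addresses you always use, and a fail2ban-style count of denied attempts in the auth log) can be combined in one small auth-log check. This is an added example, not code from the thread or from fail2ban/CSF; the log lines are constructed samples in the usual sshd format, and KNOWN_IPS and THRESHOLD are assumed settings you would fill in for your own box.

```shell
#!/bin/sh
# Added example: summarise an sshd auth log for a cron job or mail report.
# Constructed sample log (not real traffic); replace with /var/log/auth.log or /var/log/secure.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Dec  5 10:01:02 leb sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Dec  5 10:01:04 leb sshd[1201]: Failed password for root from 203.0.113.7 port 51235 ssh2
Dec  5 10:01:06 leb sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Dec  5 10:01:08 leb sshd[1205]: Failed password for root from 203.0.113.7 port 51237 ssh2
Dec  5 10:01:10 leb sshd[1207]: Failed password for root from 203.0.113.7 port 51238 ssh2
Dec  5 10:02:00 leb sshd[1210]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Dec  5 10:02:30 leb sshd[1212]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Dec  5 10:03:00 leb sshd[1214]: Accepted password for root from 192.0.2.99 port 60000 ssh2
EOF

# Assumed settings: addresses you always log in from (space separated) and the
# number of denied attempts from one source that should be reported.
KNOWN_IPS="198.51.100.4"
THRESHOLD=5

# Print "count ip" for every source with at least THRESHOLD failed password attempts.
brute_sources() {
  awk -v t="$THRESHOLD" '
    /sshd\[[0-9]+\]: Failed password for/ {
      for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
    }
    END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
  ' "$1"
}

# Print "user ip" for each accepted login whose source is not in KNOWN_IPS.
unexpected_logins() {
  awk -v known="$KNOWN_IPS" '
    BEGIN { split(known, k, " "); for (j in k) seen[k[j]] = 1 }
    /sshd\[[0-9]+\]: Accepted / {
      for (i = 1; i <= NF; i++) {
        if ($i == "for") user = $(i + 1)
        if ($i == "from") ip = $(i + 1)
      }
      if (!(ip in seen)) print user, ip
    }
  ' "$1"
}

# Build the text you would pipe into: mail -s "auth report $(hostname)" you@example.com
report() {
  echo "Sources with >= $THRESHOLD denied attempts:"
  brute_sources "$1"
  echo
  echo "Accepted logins from addresses not in KNOWN_IPS:"
  unexpected_logins "$1"
}

report "$SAMPLE_LOG"
```

    Run it from cron against the real log path and pipe report's output into mail; the KNOWN_IPS filter keeps your own logins out of the mail, and the brute_sources list is the same signal fail2ban acts on when it bans a source.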
