cPanel Forums > cPanel® and WHM® (for Linux® and FreeBSD® Servers) > cPanel and WHM Discussions

  #1 (permalink)  
Old 02-20-2004, 01:21 PM
Banned
 
Join Date: Feb 2002
Posts: 656
AbeFroman can only hope to improve
What kind of Intrusion Detection System is appropriate for a web server?

What kind of Intrusion Detection System is appropriate for a web server?

Has anyone caught an intruder?
  #2 (permalink)  
Old 02-20-2004, 04:25 PM
Registered User
 
Join Date: Jan 2004
Posts: 227
nybble is an unknown quantity at this point
Snort

Check out "Snort", might need Google to find it.
  #3 (permalink)  
Old 02-20-2004, 05:16 PM
Banned
 
Join Date: Feb 2002
Posts: 656
AbeFroman can only hope to improve
I downloaded that, please briefly describe how you use it on your web server.
  #4 (permalink)  
Old 02-20-2004, 05:48 PM
Registered User
 
Join Date: Jan 2004
Posts: 227
nybble is an unknown quantity at this point
Read the FAQ
It looks for stuff that is not normal
  #5 (permalink)  
Old 02-20-2004, 11:17 PM
Registered User
 
Join Date: Apr 2003
Location: Lewisville, Tx
Posts: 966
kris1351
If you don't understand the included documents I recommend going to someone like Ryan at http://www.rfxnetworks.com and having them install it and other security applications. I believe Rack911 is another good alternative for these services also.
__________________
Kris
NCServ, LLC.
WebHosting - Dedicated Servers - Colocation
sales@ncerv.com
  #6 (permalink)  
Old 02-21-2004, 12:39 AM
Banned
 
Join Date: Jun 2003
Posts: 293
cyberspirit is on a distinguished road
I would like to point out that IDS systems are not very useful if they are run on the same host they are to protect. IDS systems are much better off if they either sit in a network or on the bastion host. So do not expect too much in terms of security.
  #7 (permalink)  
Old 02-21-2004, 04:37 AM
Registered User
 
Join Date: Jan 2004
Posts: 81
ToddW
Quote:
Originally posted by kris1351
If you don't understand the included documents I recommend going to someone like Ryan at http://www.rfxnetworks.com and having them install it and other security applications. I believe Rack911 is another good alternative for these services also.
Brute Force Detection from RFX Networks is great, and that URL provided a step-by-step guide on how to install it yourself... FREE.

CHKROOTKIT will be useful for determining if a root kit has been placed on your server giving unwanted access to hackers/crackers.

And for more basic CPanel Security there are a few more how-tos there that should be done to CPanel and general webservers as well.

If you personally need help, or find a how-to lacking CONTACT ME! I will help you fix your problem, and FIX the how-to!!!
  #8 (permalink)  
Old 02-21-2004, 04:54 AM
Registered User
 
Join Date: Nov 2002
Posts: 123
thedavid
Quote:
Originally posted by cyberspirit
I would like to point out that IDS systems are not very useful if they are run on the same host they are to protect. IDS systems are much better off if they either sit in a network or on the bastion host. So do not expect too much in terms of security.
This is definitely true. The best setup is to use an Ethernet tap upstream of your boxes that you monitor. That said...

Host-based IDS is better than no IDS at all, and can be a good addition to a well-layered security strategy. Since lots of folks nowadays don't colo, host-based is often the only solution (short of buying more services from their DC).

-David
  #9 (permalink)  
Old 02-21-2004, 06:03 AM
Registered User
 
Join Date: Jan 2004
Posts: 227
nybble is an unknown quantity at this point
@ servermatrix you can request how they set up your servers... so for $55 you could run an IDS, plus a $50 moving charge
  #10 (permalink)  
Old 02-23-2004, 01:54 PM
Banned
 
Join Date: Feb 2002
Posts: 656
AbeFroman can only hope to improve
What is /etc/apf?

I don't have that.

How do I get it? I am assuming it's a firewall of some sort.

Quote:
Add any IP address that you want to be ignored from the rules.
If your server provider is doing monitoring add their IP(s) here.
Since you need these IPs open in APF as well you can copy the IPs you used in APF
Type: pico -w /etc/apf/allow_hosts.rules
Then scroll down to the bottom and copy those IPs (drag mouse over that's it)
Press: CTRL-X
  #11 (permalink)  
Old 02-23-2004, 03:13 PM
Registered User
 
Join Date: Jul 2002
Location: Canada
Posts: 663
ramprage is on a distinguished road
Abe,

/etc/apf indicates that you have the APF firewall installed on your server. For a full install guide please read this: http://www.webhostgear.com/61.html
__________________
Upload Guardian 2.0 - Sign up for our early beta
ServerProgress - Server security, consulting and assistance
  #12 (permalink)  
Old 02-25-2004, 03:19 PM
Banned
 
Join Date: Feb 2002
Posts: 656
AbeFroman can only hope to improve
What is better Snort or LIDS and why?
What is better Snort or LIDS and why? Is snort compiled into the kernel?

What are grsecurity and PaX? http://pax.grsecurity.net/
Can you use those together with Snort and LIDS?