What is a good intrusion detection system I can use for my cPanel server?


Oct 4, 2007

The firewall has LID (login/intrusion detection) - if anyone logs in I get an email about it. It's not often my resellers log in, so I can keep an eye on things if they do - ESPECIALLY if they try themselves a su or sudo command, which I also get notified of.

If root logs in you also get an email about that. It's all rather quick too, I often try logging in and intercepting the email that goes out and informs me. It's good fun trying to beat your own security. (If you create yourself a macro when you manage to log in as root, you can shut down exim, delete the email, restart it) - Having said that, you'd need the password before this can actually happen - and with brute force protection (and temp IP ban with the firewall), I suppose that'd be a little far-fetched.

Then again - I may just have too much time on my hands.
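
The login, su and sudo alerting described in the post above, as an added example that is not part of the original post and not the firewall's own code. It scans constructed syslog lines in the standard OpenSSH, pam_unix and sudo formats; the rule names, severities and the `scan` helper are assumptions made for illustration.

```python
import re

# Constructed sample lines in OpenSSH / pam_unix / sudo syslog format (not from a real host).
SAMPLE_LOG = """\
Oct  4 10:12:01 web1 sshd[1234]: Accepted password for reseller1 from 203.0.113.5 port 51234 ssh2
Oct  4 10:13:10 web1 sshd[1240]: Failed password for root from 198.51.100.7 port 40022 ssh2
Oct  4 10:15:22 web1 su: pam_unix(su:session): session opened for user root by reseller1(uid=501)
Oct  4 10:16:40 web1 sudo: reseller1 : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/reseller1 ; USER=root ; COMMAND=/bin/ls /root
Oct  4 10:20:03 web1 sshd[1301]: Accepted publickey for root from 192.0.2.10 port 50111 ssh2
Oct  4 10:21:00 web1 crond[1400]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()

# Hypothetical rule set: one regex per event type the post says it is notified about.
RULES = [
    ("login", re.compile(r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+)")),
    ("su", re.compile(r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): "
                      r"session opened for user (?P<target>\S+) by (?P<user>[^(\s]+)")),
    ("sudo", re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<detail>.*?)"
                        r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")),
]

def scan(lines):
    """Return (severity, kind, message) for each successful login, su, or sudo event."""
    alerts = []
    for line in lines:
        for kind, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            f = m.groupdict()
            if kind == "login":
                # Any interactive login is reported; a direct root login is escalated.
                sev = "high" if f["user"] == "root" else "info"
                msg = f"{f['user']} logged in via {f['method']} from {f['src']}"
            elif kind == "su":
                sev, msg = "high", f"{f['user']} switched to {f['target']} with su"
            else:
                # sudo logs refusals in the same line format, before the TTY= field.
                denied = "NOT in sudoers" in f["detail"] or "incorrect password" in f["detail"]
                sev = "high" if denied else "warn"
                verb = "was denied sudo" if denied else "ran sudo"
                msg = f"{f['user']} {verb} as {f['target']}: {f['cmd']}"
            alerts.append((sev, kind, msg))
            break
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

Since a root session can tamper with mail queued on the same machine, as the post points out, alerts like these hold up better when the log lines are also forwarded to a separate host.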