Forum OpenACS Q&A: Re: Intrusion detection system

Posted by Vinod Kurup on
Hi Aldert,

I use Samhain and AIDE on my little system. They do similar things, basically looking for any filesystem changes and emailing you if they find a problem. Samhain runs as a daemon and emails you instantly. AIDE runs as a cronjob as frequently as you like.

One minor issue is that Samhain issues a lot of emails (in the 100+ range) on reboot. All of those emails were going through SpamAssassin on my system, which then really loads the system down. I fixed it by having SpamAssassin skip local messages sent to me.

I'm not an expert on any of these -- just set them up via the Debian documentation.

Best wishes,

Vinod