[CLUE-Tech] Security tools

ian iguy at ionsphere.org
Fri Sep 28 14:05:32 MDT 2001


There are a bunch of contributed things that will notify you in various
ways.  One that might be useful for you then is to use snort to do the
logging and then swatch or logcheck to generate an email or launch a
gtk/tk/python/perl/kde/qt whatever type of window that you want.

ian


On Thu, Sep 27, 2001 at 11:04:23AM -0600, Jed S. Baer wrote:
> I haven't read the snort docs for a while, so I'm going on memory here.
> When I was looking at it, I thought hey, that's cool, but why can't I get
> an X11 popup when there's an alarm? IIRC, it would do a WinPopup, but that
> doesn't help much, coz I boot my windows box about once every 2 weeks.
> Doesn't it require Samba for the WinPopup to work? If that's true, then
> one would have to be checking /var/log/messages, or some other logfile, to
> get notified when an intrusion is in progress. The cool thing would be a
> little Tk or gtk app which also had some sort of semaphore process, or
> would just tail|grep the logfile, and do visual/audible notification
> immediately when an intrusion is detected. I suppose that if one is
> confident of one's settings, that just letting it do its thing silently
> in the background is a good thing -- avoiding gobs of annoying popups
> which require no action -- but I'd like to know when I'm being
> portscanned, and I couldn't see an easy way to set that up.
> 
> ian <iguy at ionsphere.org> wrote:
> 
> > Snort is considered the best open source IDS out there.  What don't you
> > like about it?
> > 
> > ian
> > On Wed, Sep 26, 2001 at 10:24:52PM -0600, Todd M. Gipson wrote:
> > > Can someone point me in the direction of a strong open source IDS system.
> > > I am currently using snort.  I am not that impressed with it.  Thanks in
> > > advance.
> > > 
> > > Todd
> > > 
> > > _______________________________________________
> > > CLUE-Tech mailing list
> > > CLUE-Tech at clue.denver.co.us
> > > http://clue.denver.co.us/mailman/listinfo/clue-tech
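
The tail-and-notify approach discussed in this thread, as an added example that is not part of the original messages: a Python filter that picks snort alerts out of syslog lines and throttles repeats, so one scan produces one notification instead of a stream of popups. The syslog line layout, the sample lines, the default year and all function names are assumptions.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime, timedelta

Alert = namedtuple("Alert", "when msg priority src dst")

# Assumed layout of snort's syslog alert lines; adjust to match your own log.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[\d+:\d+:\d+\] (?P<msg>.+?) "
    r"(?:\[Classification: [^\]]+\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?")

def parse_alert(line, year=2001):
    """Return an Alert for a snort syslog line, or None for anything else."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so one is supplied (assumption).
    when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return Alert(when, m["msg"], int(m["prio"]), m["src"], m["dst"])

def notifications(lines, quiet=timedelta(minutes=5), max_priority=2):
    """Return (messages, suppressed): one message per (source, alert) per quiet period."""
    last_sent, suppressed, out = {}, Counter(), []
    for line in lines:
        a = parse_alert(line)
        if a is None or a.priority > max_priority:  # priority 1 is most severe
            continue
        key = (a.src, a.msg)
        if key in last_sent and a.when - last_sent[key] < quiet:
            suppressed[key] += 1  # repeat inside the quiet period: count, don't notify
            continue
        last_sent[key] = a.when
        out.append(f"{a.when:%H:%M:%S} {a.msg}: {a.src} -> {a.dst}")
    return out, dict(suppressed)

# Constructed sample lines (documentation addresses), not taken from the thread.
P = " [Classification: Attempted Information Leak] [Priority: 2]: "
SAMPLE = [
    "Sep 27 11:04:23 gw snort[412]: [1:469:1] ICMP PING NMAP" + P + "{ICMP} 192.0.2.7 -> 192.0.2.1",
    "Sep 27 11:04:24 gw snort[412]: [1:469:1] ICMP PING NMAP" + P + "{ICMP} 192.0.2.7 -> 192.0.2.1",
    "Sep 27 11:04:25 gw sshd[900]: Accepted password for user from 192.0.2.20 port 1022",
    "Sep 27 11:04:30 gw snort[412]: [1:1418:2] SNMP request tcp" + P + "{TCP} 192.0.2.7:3312 -> 192.0.2.1:161",
    "Sep 27 11:10:02 gw snort[412]: [1:469:1] ICMP PING NMAP" + P + "{ICMP} 192.0.2.7 -> 192.0.2.1",
    "Sep 27 11:10:05 gw snort[412]: [1:408:4] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.1 -> 192.0.2.7",
]

if __name__ == "__main__":
    messages, repeats = notifications(SAMPLE)
    for text in messages:
        print("ALERT", text)  # hand each message to mail or a popup tool here
    print("suppressed repeats:", repeats)
```

To run it live, feed `notifications()` the lines from a followed logfile instead of `SAMPLE`; the quiet period and priority cut-off are the two knobs that trade immediacy against noise.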


