Posted

Hello community

I've been struggling to find statistics and/or good references to commonly used host-based intrusion detection systems on Linux servers. Is there a recommendation from someone with experience and who has ideally deployed such systems? It would be helpful to see which HIDS you use or recommend.

Regards, nobuzlata

Posted

I don't know about intrusion detection, but access control systems are very much Linux-based. There was a startup called OpenPath that used an R-PI (2 or 3 series) and created a custom relay I/O HAT. There was a 2-door version that was and is very popular. Motorola bought them out.

Another access control solution that is a little more centralized is Avigilon ACM. It's an Ubuntu-based x86 image that is made for Hyper-V and VMware. The hardware used with ACM is Mercury-based.

And finally there is S2. Their access control software is also Ubuntu-based.

You can use pretty much any 26-bit Wiegand reader. OpenPath does offer their own (reader) as an option.

Where it's gonna get tricky is the hardware conversion. For example, each of these companies (sans OpenPath) use/can use Mercury-based hardware, BUT!!!!! Those boards have to be flashed with compatible top-secret firmware to prevent tinker people from making their own.
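The 26-bit Wiegand frame format named in the post above, as an added example that is not part of the original thread and not code from OpenPath, Avigilon or S2: a decoder and encoder that apply the two parity bits the format carries. The field layout (even parity, 8-bit facility code, 16-bit card number, odd parity) is the standard one; the facility code and card number used in the comments are constructed sample values.

```python
# Added example: decode and encode a standard 26-bit Wiegand frame.
# Layout, bit 0 transmitted first:
#   bit 0      : even parity over bits 1..12
#   bits 1..8  : 8-bit facility code
#   bits 9..24 : 16-bit card number
#   bit 25     : odd parity over bits 13..24
from dataclasses import dataclass


@dataclass(frozen=True)
class WiegandCard:
    facility_code: int
    card_number: int
    parity_ok: bool  # False when either parity check fails (line noise, miswiring)


def decode_wiegand26(bits: str) -> WiegandCard:
    """Parse a 26-character string of '0'/'1' into its fields and parity status."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected a 26-character string of '0'/'1'")
    b = [int(c) for c in bits]
    # Leading parity bit plus bits 1..12 must contain an even number of ones.
    even_ok = sum(b[0:13]) % 2 == 0
    # Bits 13..24 plus trailing parity bit must contain an odd number of ones.
    odd_ok = sum(b[13:26]) % 2 == 1
    facility = int(bits[1:9], 2)
    card = int(bits[9:25], 2)
    return WiegandCard(facility, card, even_ok and odd_ok)


def encode_wiegand26(facility_code: int, card_number: int) -> str:
    """Build a 26-bit frame with correct parity bits for the given fields."""
    if not 0 <= facility_code < 256 or not 0 <= card_number < 65536:
        raise ValueError("facility code must fit in 8 bits, card number in 16 bits")
    payload = f"{facility_code:08b}{card_number:016b}"
    even = str(sum(int(c) for c in payload[:12]) % 2)        # makes bits 0..12 even
    odd = str(1 - sum(int(c) for c in payload[12:]) % 2)     # makes bits 13..25 odd
    return even + payload + odd


if __name__ == "__main__":
    # Constructed sample card: facility 123, card number 45678.
    frame = encode_wiegand26(123, 45678)
    print(frame, decode_wiegand26(frame))
```

The two parity bits are the only integrity check the 26-bit format carries: they catch a single flipped bit from line noise or a bad wire run, not a deliberately crafted frame, which is worth keeping in mind when deciding how much to trust a reader line wired into one of the controllers mentioned above.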

Posted (edited)

It's not a "detection system" (other than it registers attempts to connect, both successful and unsuccessful), but it is incredibly competent about blocking access per app/protocol/IP level.

I installed Portmaster because I "just wanted to see what it is", and ended up starting to rely on it. GUI-based.
I use a Pi-hole, so I do not feel I have the need to pay for anything but only use the free utilities in the program.

For me it's so efficient that I quite a few times have scratched my head trying to figure out why stuff doesn't work, and then I remember, "aaah, portmaster"... xD

Edited by bedna
Posted

I recommend looking at Snort and Zeek. Most IDSs are just a rip-off of Snort, especially the commercially available ones. Zeek is kinda a packet analyzer, but I have seen cool things done with it to make an IDS.

Posted

I suppose greenknight gave the most relevant answer, if you are strictly looking for an 'IDS'.


Personally I have also been looking at CrowdSec, which seems a lot less involved to set up (and also functions differently). I found the following article (even though hosted on the CrowdSec blog) quite informative: Suricata vs CrowdSec. Now, besides the comparison made in the title, I found it interesting because of the historical context it gives about other software like Snort, Zeek, Suricata, etc.

There is plenty of information on the Internet about this; you will need to do some research yourself and form your own opinion. It's not even related to Armbian per se, but I guess that's why we have this section now.
