nobuzlata Posted July 29, 2023 Hello community, I've been struggling to find statistics and/or good references to commonly used host-based intrusion detection systems on Linux servers. Is there a recommendation from someone with experience, who has ideally deployed such systems? It would be helpful to see which HIDS you use or recommend. Regards, nobuzlata
Justin Gibson Posted August 16, 2023 I don't know about intrusion detection, but access control systems are very much Linux based. There was a startup called OpenPath that used an R-Pi (2 or 3 series) and created a custom relay I/O HAT. There was a 2-door version that was and is very popular. Motorola bought them out. Another access control solution that is a little more centralized is Avigilon ACM. It's an Ubuntu-based x86 image that is made for Hyper-V and VMware. The hardware used with ACM is Mercury based. And finally there is S2. Their access control software is also Ubuntu based. You can use pretty much any 26-bit Wiegand reader. OpenPath does offer their own reader as an option. Where it's gonna get tricky is the hardware conversion. For example, each of these companies (sans OpenPath) use/can use Mercury-based hardware, BUT!!!!! Those boards have to be flashed with compatible top-secret firmware to prevent tinker people from making their own.
bedna Posted August 16, 2023 (edited) It's not a "detection system" (other than that it registers attempts to connect, both successful and unsuccessful), but it is incredibly competent at blocking access at the app/protocol/IP level. I installed Portmaster because I "just wanted to see what it is", and ended up starting to rely on it. GUI based. I use a Pi-hole, so I do not feel I have the need to pay for anything and only use the free utilities in the program. For me it's so efficient that quite a few times I have scratched my head trying to figure out why stuff doesn't work, and then I remember, "aaah, Portmaster"... xD Edited August 16, 2023 by bedna
greenknight Posted August 17, 2023 I recommend looking at Snort and Zeek. Most IDSs are just a rip-off of Snort, especially the commercially available ones. Zeek is kind of a packet analyzer, but I have seen cool things done with it to make an IDS.
TRS-80 Posted August 31, 2023 I suppose greenknight gave the most relevant answer if you are strictly looking for an 'IDS'. Personally I have also been looking at CrowdSec, which seems a lot less involved to set up (and also functions differently). I found the following article (even though hosted on the CrowdSec blog) quite informative: Suricata vs CrowdSec. Now, besides the comparison made in the title, I found it interesting because of the historical context it gives about other software like Snort, Zeek, Suricata, etc. There is plenty of information on the Internet about this; you will need to do some research yourself and form your own opinion. It's not even related to Armbian per se, but I guess that's why we have this section now.
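Added example, not posted by anyone in this thread and not code from CrowdSec, Snort or Suricata: the thread contrasts packet-inspecting IDSs (Snort, Suricata, Zeek) with a log-driven engine (CrowdSec), and the OP is asking about host-based detection. The block below shows, in plain Python, the shape of the host-side approach in broad strokes: parse sshd lines from the auth log, count failures per source IP inside a sliding time window, and raise an alert when a threshold is crossed. The log lines are constructed, the year is assumed (classic syslog timestamps carry none), and the threshold and window values are illustrative choices; CrowdSec's own parsers and scenario format are not reproduced here. The second source in the sample is deliberately "low and slow" (one failure every six minutes) so you can see that it escapes a two-minute window and is only caught when the window is widened, which is the tuning trade-off any such detector carries.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the syslog format sshd writes to /var/log/auth.log.
# 203.0.113.7 hammers fast; 198.51.100.22 spaces its attempts six minutes apart.
SAMPLE_LOG = """\
Aug 31 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Aug 31 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 51240 ssh2
Aug 31 10:00:04 host sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51241 ssh2
Aug 31 10:00:06 host sshd[1204]: Failed password for root from 203.0.113.7 port 51244 ssh2
Aug 31 10:00:07 host sshd[1205]: Accepted publickey for deploy from 198.51.100.9 port 40001 ssh2: ED25519 SHA256:abc
Aug 31 10:00:08 host sshd[1206]: Failed password for root from 203.0.113.7 port 51250 ssh2
Aug 31 10:03:00 host sshd[1210]: Failed password for root from 198.51.100.22 port 40100 ssh2
Aug 31 10:09:00 host sshd[1211]: Failed password for root from 198.51.100.22 port 40101 ssh2
Aug 31 10:15:00 host sshd[1212]: Failed password for root from 198.51.100.22 port 40102 ssh2
Aug 31 10:21:00 host sshd[1213]: Failed password for root from 198.51.100.22 port 40103 ssh2
Aug 31 10:27:00 host sshd[1214]: Failed password for root from 198.51.100.22 port 40104 ssh2
"""

# Outer syslog envelope: "<Mon> <day> <hh:mm:ss> <host> sshd[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
# sshd's failed-password message, with or without the "invalid user" prefix
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_failures(text, year=2023):
    """Yield (timestamp, ip, user) for every sshd 'Failed password' line.

    `year` is an assumption: classic syslog timestamps do not include it.
    """
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd line
        f = FAIL_RE.match(m.group("msg"))
        if not f:
            continue  # accepted logins and other sshd messages are ignored
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, f.group("ip"), f.group("user")


def detect_bruteforce(text, threshold=5, window_seconds=120):
    """Return {ip: time_of_first_alert} for sources that reach `threshold`
    failed logins inside any `window_seconds`-long sliding window.

    Per-IP deques hold only the timestamps still inside the window, so memory
    stays bounded by threshold * number_of_sources rather than by log size.
    """
    recent = defaultdict(deque)
    triggered = {}
    for ts, ip, _user in parse_failures(text):
        q = recent[ip]
        q.append(ts)
        # Drop attempts that have aged out of the window (q[0] is never empty
        # here because we just appended ts).
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in triggered:
            triggered[ip] = ts
    return triggered


if __name__ == "__main__":
    for window in (120, 3600):
        hits = detect_bruteforce(SAMPLE_LOG, window_seconds=window)
        print(f"window={window}s:", {ip: t.strftime("%H:%M:%S") for ip, t in hits.items()})
```

With the 120-second window only 203.0.113.7 is reported (its fifth failure lands at 10:00:08); widening the window to an hour also catches 198.51.100.22 at 10:27:00. In a real deployment the decision step (firewall rule, nftables set, or handing the IP to a bouncer) sits after `detect_bruteforce`, and the tail of the log is read incrementally rather than as one string; both are left out here to keep the detection logic visible.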