How to configure a host intrusion detection system on CentOS

One of the first safety measures that any sysadmin may want to implement on their production servers is a mechanism to detect file tampering – not only of the content of files, but also of their attributes. AIDE (short for “Advanced Intrusion Detection Environment”) is an open source host-based intrusion detection system. AIDE checks the integrity of […]

How to compile and install Snort from source code on Ubuntu

Snort is by far the most popular open-source network intrusion detection and prevention system (IDS/IPS) for Linux. Snort can conduct detailed traffic analysis, including protocol analysis and packet content searching and matching, all in real time. The latest Snort rule sets are available for download either for free or with a paid subscription. You can install Snort […]

How to protect SSH server from brute force attacks using fail2ban

One common attack on the SSH service is the brute force attack, in which a remote attacker indefinitely attempts to log in with different passwords. Of course there are arguments against password authentication for SSH, and alternative authentication mechanisms such as public key authentication or two-factor authentication exist to make such attacks obsolete. Putting aside pros and cons of […]