Koozali.org: home of the SME Server

Intrusion Detection

Jehu

Intrusion Detection
« on: March 13, 2002, 10:32:23 PM »
Is there an Intrusion Detection monitor that works with e-smith 5.1.2 that can let me know if anyone is trying to hack my system? One that has a graphical interface.

Thanks,
Jehu.

kenshin

Re: Intrusion Detection
« Reply #1 on: March 14, 2002, 12:11:46 AM »
I'm currently working on an RPM of psionic's portsentry for SME 5.1.2

Kevin McClain

Re: Intrusion Detection
« Reply #2 on: March 14, 2002, 04:03:07 AM »
Great! Let us know when you are finished.
I would be happy to help test it for you.

Wietse

Re: Intrusion Detection
« Reply #3 on: March 14, 2002, 01:44:28 PM »
I am interested too! Please post a reply here as soon as you have more info!!! Thanks in advance!

Bruce

Re: Intrusion Detection
« Reply #4 on: March 14, 2002, 05:00:10 PM »
I am interested too! Please post a reply here as soon as you have more info!!! Thanks in advance!

Sassou Efoe Boris

Re: Intrusion Detection
« Reply #5 on: March 14, 2002, 11:50:17 PM »
I'm working on a version of Demarc Pure Secure for SME/E-SMITH (http://www.demarc.org)

There is an alpha version available at ftp://ftp.speedfactor.ath.cx/demarc

If you could send me some feedback I would be pleased.
(Sorry for my English, I'm French)

Dean Mumby

Re: Intrusion Detection
« Reply #6 on: March 15, 2002, 12:15:32 AM »
This really looks cool (demarc). I will download and install tonight on a test server, will report back asap. I think this is really worth a look, a whole centralized monitoring system.

Dean

kenshin

Re: Intrusion Detection
« Reply #7 on: March 15, 2002, 12:29:30 AM »
Well I got the RPM I made to install... and it works.. I'll put it on a site and give you guys the link tonight...
I'll have the ServerManager mod done by tomorrow...

As for Demarc... it looks cool, but you need to install libpcap, SNORT and add more perl modules...

Too much of a headache for nothing.

Dean Mumby

Re: Intrusion Detection
« Reply #8 on: March 15, 2002, 12:42:04 AM »
Hi Kenshin

I will also give yours a shot... no point putting all our eggs in one basket.

I look forward to your contrib

Regards
Dean

Confucius

Re: Intrusion Detection
« Reply #9 on: March 15, 2002, 01:18:27 AM »
Kenshin,

Can you mail me your link for the RPM you made... love to see your work at my work :-)

TIA,

Harro

Jehu

Re: Intrusion Detection
« Reply #10 on: March 15, 2002, 03:02:13 AM »
Hey kenshin, can you help me with the install? I installed it but don't know how to login. I get to the last login and I get access denied. I don't know how to create the account to access this. The documentation at the website does not go into details. It is hard for a newbie like me to understand.
Please help.
Thanks,
Jehu.

kenshin

Re: Intrusion Detection
« Reply #11 on: March 15, 2002, 05:18:42 AM »
Hey guys, I got the How To at http://www.netfrost.com/kenshin
A friend of mine is hosting it for now...
This is just the first release, so be gentle...

I'll have another release with more configurability and with more ServerManager functions out in a few days.

Kenshin Out.

Craig

Re: Intrusion Detection
« Reply #12 on: March 15, 2002, 06:21:19 AM »
Just adding my name to the list of people interested in this project. Please post any updated information as available.

Will download and try what you have so far.

Regards
Craig

Jehu

Re: Intrusion Detection
« Reply #13 on: March 15, 2002, 04:42:42 PM »
I think I have done everything and I cannot log into https://myserver/demarc, no matter what username and password I use.
Also, when I try to run demarcd -I, it asks for the name of this sensor. What name should I use? I get an error at the end when this is finished. Tried to use different names but it does not work.
Issuing: /usr/sbin//snort -q -c /usr/local/demarc/conf/snortppp0.conf -i ppp0
database: mysql_error: Access denied for user: 'admin@localhost' (Using password: YES)
Fatal Error, Quitting..
snort: no process killed.
Please can someone help.
Thanks,
Jehu.

Sassou Efoe Boris

Re: Intrusion Detection
« Reply #14 on: March 17, 2002, 09:20:09 PM »
Hi !
Have you read all of the how-to (sorry for my poor English)?
You seem to have a database problem, and a snort problem.
I don't have enough information, but I suggest you read the documentation on the Demarc site: http://demarc.com/documentation/demarc-install.html

I hope it will help you

Greetings
Boris

John Gause

Re: Intrusion Detection
« Reply #15 on: March 24, 2002, 04:03:52 PM »
Yes, I would love to get the link too. I am a big fan of portsentry; I have it running on my other Linux boxes but I would like to deploy it to my SME 5.1.2 boxes.

John Gause

PortSentry
« Reply #16 on: March 31, 2002, 10:09:37 AM »
Just wanted to see if anyone got portsentry to work with SME 5.1.2

matjaz

Re: PortSentry
« Reply #17 on: April 30, 2002, 06:35:52 AM »
Add me too! :-)

John

Re: Intrusion Detection
« Reply #18 on: May 03, 2002, 10:05:59 AM »
I just wanted to see if you got the RPM finished. I would really love to use Portsentry; I am a fan of the program. I currently use it on a couple of Redhat Linux boxes but would love to use it with SME.

SniperG

Re: Intrusion Detection
« Reply #19 on: May 07, 2002, 08:02:41 PM »
ftp://ftp.rpmfind.net/linux/freshrpms/enigma/portsentry/portsentry-1.1-fr6.i386.rpm

For PSentry RPMs... I have installed this and it works fine.

Cyrus Bharda

Re: Intrusion Detection
« Reply #20 on: December 18, 2002, 04:13:21 AM »
Kenshin,

Tried to find your Howto at http://www.netfrost.com/kenshin but got 404. Is there any other place your Howto is available?

Thanks

Cyrus Bharda

Sassou Efoe Boris

Re: Intrusion Detection
« Reply #21 on: December 18, 2002, 06:44:03 PM »
Yes,

You can find it at this address: ftp://ftp.speedfactor.ath.cx/demarc/

Greetings
Sassou Efoe Boris

Tony

Re: Intrusion Detection
« Reply #22 on: December 19, 2002, 12:05:47 AM »
Thanks for this howto...

One question tho... at the end of the installation process I get an error about the table snort.sensor that does not exist. If I check the tables that were created I can't see that table. Should I create that table myself?

Or did I do something wrong?

Tony

Re: Intrusion Detection
« Reply #23 on: March 11, 2003, 09:57:40 PM »
I think it's time to kick this topic :)

Anyone yet?