Koozali.org: home of the SME Server

Intrusion Detection

Technocod

Intrusion Detection
« on: April 28, 2003, 11:31:28 PM »
A week or so back, I became convinced that my E-Smith 5.6 box had been compromised. It hadn't, of course - and I won't bore you all with what had actually happened, but it did occur to me that, even after running various versions of E-Smith for 12 months or so, it was slightly ridiculous that I haven't a clue how to check for intrusion manually - I feel that I'm tempting fate by assuming all will be OK. I looked through the forum, and people have mentioned Portsentry, but there doesn't seem to be a version for 5.6, and I am wary of trying to install an older version, with the changes in the firewall in version 5.6.


I hope the E-Smith developers don't take this the wrong way, I'm NOT suggesting that SME Server can, or has been, hacked, and I rate it highly as a product, it's really just for my own peace of mind. Can anyone point me in the right direction, or to a How-To or something?

TIA

Technocod

Boris

Re: Intrusion Detection
« Reply #1 on: April 29, 2003, 12:22:53 AM »
There are various solutions you can find for SME IDS. They can be found on this forum by searching ALL the dates.
Namely ACID/SNORT, SNORT/DEMARC, or just logwatch/logsentry combinations.
http://contribs.org is also becoming a good source of central links search for different add-ons and how-to's

Technocod

Re: Intrusion Detection
« Reply #2 on: April 29, 2003, 01:15:31 AM »
Thanks for that - searching for Snort / Acid led me to the how-to at http://www.marari.net/downloads/snort/acid-howto.htm - which appears to have worked OK, after a couple of tweaks, due to version changes, I think (I hope!).

Anyhows - thanks again. I'll go back to that false sense of security now.

guestHH

Re: Intrusion Detection
« Reply #3 on: April 29, 2003, 01:11:05 PM »
Would you like to tell Mitel (smesecurity@mitel.com) about your findings?