Isn't portsentry primarily designed just to react to portscans only?  I
don't think it will detect modified files or send alerts about attempted
exploits.

Portsentry is a good tool though.  It'll generate ipchains rules to block
the IP of a host which is scanning you.  I have a friend who runs it at the
dorms at the U of MN.  He gets scanned A LOT.  Someone broke into his box
last year and was saturating a DS3 with his box doing a DoS against some
other site.

Jay


> -----Original Message-----
> From: grey Moon-Wolf [mailto:mtsqph at yahoo.com]
> Sent: Sunday, December 31, 2000 5:43 PM
> To: tclug-list at lists.real-time.com
> Subject: Re: [TCLUG] Linux Intrustion Detection?
> 
> 
> 
> --- Bob Tanner <tanner at real-time.com> wrote:
> > Anyone have a recommendation on intrusion detection
> > software for linux?
> 
> Portsentry... check out Nov/Dec 2000 issue of Maximum
> Linux, might be a bunch of meatballs but they have
> provided some pretty decent software... The issue
> deals with security matters... found it a good read.
> And the free CD had some interesting downloads.
> Manuel.