I will be setting up a new CentOS 5 / Perfect Setup / ISPConfig server. Currently, I'm running a test server with a similar setup just to experiment before going live with the real thing. 10 minutes after putting my test server online I was hit with port scans, and within 8 hours there were 40,000 attempts to log in via FTP and SSH. All of that got me thinking about security! I've read HowTos here regarding Bastille/PSAD, Snort & Base and others. Is there a consensus as far as recommended security packages to install? Obviously, I don't want to go overboard and have the security conflicting with my basic server operation, bogging things down or causing problems with updates. Given my setup, is there a minimum security setup I should consider beyond just the CentOS 5 / Perfect Setup / ISPConfig server? Thanks in advance for any input!
After lots of Googling, it appears to me that 2 essential Linux security tools are Snort and Ossec. Snort does network intrusion prevention; Ossec does host intrusion prevention. There doesn't seem to be excessive overlap between the two packages, so they should work together. Both appear to work with Base as the web front end, but I have no clue how you would install and integrate the 3 packages. Has anyone installed Snort, Ossec & Base? I would like to know and certainly would love to see a HowTo. Hint hint.
Snort & Base I found a great HowTo for installing Snort & Base on CentOS 5: http://www.internetsecurityguru.com/
Take a look here: http://www.howtoforge.com/intrusion_detection_with_ossec_hids http://www.howtoforge.com/intrusion_detection_base_snort
I installed Snort, Base and Barnyard. Everything seemed to go well, but I'm not getting any results in Base. It shows all zeros.
Solved! I finally got Base working! The problem was a sensor number mismatch: barnyard.conf had sensor_id 1, while the sensor "sid" in the MySQL database was set to 2. I simply changed the sid from 2 to 1 in the database and Base came to life!
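The "all zeros in Base" symptom and the sensor_id/sid mismatch described in the two posts above can be checked before touching the database. The script below is an added example, not code from the thread or from the Barnyard/Base projects: it parses the sensor_id out of a barnyard.conf `output log_acid_db:` line (the line format is assumed from Barnyard 0.2-style configs), compares it with the sid values present in the snort schema's sensor table, and counts how many logged events reference a sid that has no sensor row. All config text and table rows are constructed inline so the script runs offline; against a real install you would feed it the file contents and the results of `SELECT sid FROM sensor` and `SELECT sid FROM event`.

```python
import re

# Constructed barnyard.conf fragment (assumed Barnyard 0.2-style log_acid_db
# output line; the sensor_id value is what the poster found set to 1).
BARNYARD_CONF = """\
config hostname: sensor1
config interface: eth0
output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password changeme, detail full
"""

# Constructed rows standing in for `SELECT sid, hostname, interface FROM sensor`
# (the poster's database had the sensor registered with sid 2).
SENSOR_ROWS = [{"sid": 2, "hostname": "sensor1", "interface": "eth0"}]

# Constructed rows standing in for `SELECT sid, cid, signature FROM event`
# (events written by Barnyard carry the sensor_id from its config).
EVENT_ROWS = [
    {"sid": 1, "cid": 1, "signature": 1000001},
    {"sid": 1, "cid": 2, "signature": 1000002},
    {"sid": 1, "cid": 3, "signature": 1000001},
]

# Match "sensor_id N" only on the log_acid_db output line.
_SENSOR_ID_RE = re.compile(r"^output\s+log_acid_db:.*?\bsensor_id\s+(\d+)", re.M)


def barnyard_sensor_id(conf_text):
    """Return the sensor_id from the log_acid_db output line, or None if absent."""
    m = _SENSOR_ID_RE.search(conf_text)
    return int(m.group(1)) if m else None


def events_per_sid(event_rows):
    """Count event rows grouped by the sid column."""
    counts = {}
    for row in event_rows:
        counts[row["sid"]] = counts.get(row["sid"], 0) + 1
    return counts


def diagnose(conf_text, sensor_rows, event_rows):
    """Compare the configured sensor_id with the sensor table and the event table.

    Returns a dict with the configured sid, the sids present in the sensor
    table, whether they agree, the events whose sid has no sensor row
    (invisible to a front end that joins event.sid to sensor.sid), and the
    number of events that do have a matching sensor row.
    """
    cfg_sid = barnyard_sensor_id(conf_text)
    db_sids = {r["sid"] for r in sensor_rows}
    counts = events_per_sid(event_rows)
    orphaned = {sid: n for sid, n in counts.items() if sid not in db_sids}
    return {
        "config_sid": cfg_sid,
        "sensor_sids": sorted(db_sids),
        "config_sid_in_sensor_table": cfg_sid in db_sids,
        "orphaned_events": orphaned,
        "visible_events": sum(n for sid, n in counts.items() if sid in db_sids),
    }


def renumber_sensor(sensor_rows, old_sid, new_sid):
    """Mirror the poster's fix (UPDATE sensor SET sid=new WHERE sid=old) on the
    in-memory rows, so the diagnosis can be re-run before changing the database."""
    return [dict(r, sid=new_sid) if r["sid"] == old_sid else dict(r) for r in sensor_rows]


if __name__ == "__main__":
    before = diagnose(BARNYARD_CONF, SENSOR_ROWS, EVENT_ROWS)
    print("before fix:", before)
    after = diagnose(BARNYARD_CONF, renumber_sensor(SENSOR_ROWS, 2, 1), EVENT_ROWS)
    print("after fix: ", after)
```

A non-empty `orphaned_events` with `visible_events` of 0 is exactly the situation the thread describes: Barnyard is inserting events, but under a sid the sensor table does not know about, so the front end has nothing to display. Re-running the diagnosis on the renumbered rows shows what the table should look like after the single sid change the poster made.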