What intrusion prevention systems exist for Ubuntu? With iptables alone it’s not really possible to foresee everything. Snort, as far as I know, only notifies but does not block.

    6 answers

    On the desktop I prefer the Arno-iptables-firewall script: http://unixteam.ru/content/obzor-arno-iptables-firewall-nastroyka-faervola-cherez-skript-arno-iptables By the way, I started using it back in the ADSL days and it has stayed with me since.

      fail2ban - log analysis and banning of those who match the pattern

      • not very useful - jack-out

      However strange it may seem to you, the simplest and most reliable protection against invasions is:

      1. properly configured firewall
      2. restriction policy
      3. regular security updates

      Iptables is complicated. For most tasks it’s enough to get by with UFW:

      UFW : https://wiki.404.city/ufw

      Look at the current connections. Allow the necessary ones and block everything else with ufw. Set the proper permissions on files, run dubious programs in a sandbox. Set up regular updates.

      In addition to the firewall, other popular intrusion prevention systems are SELinux and AppArmor. SELinux and AppArmor are effective but take a long time to configure (when used on a desktop).

      SELinux: ru.wikipedia.org/wiki/SELinux

      AppArmor : ru.wikipedia.org/wiki/AppArmor

        Snort and similar intrusion prevention systems are designed to protect networks rather than individual hosts, and certainly not to protect the desktop. These are not analogues of products like Kaspersky Internet Security (: That is a somewhat different thing.

        As far as I understand, you want to protect your workstation from attacks from the network. In the case of most GNU/Linux distributions, it’s enough to "not shoot yourself in the foot." Unfortunately, there are a great many ways to shoot yourself in the foot, and it is impossible to forestall all of them.

          Look at the SmoothSec project | Intrusion detection made simple.

          SmoothSec 3.2, a distribution for quick IDS/IPS deployment

          • it just comes with snort pre-installed as one of the components - jack-out
          • snort is there as one of the components. - huffman

          1. Configure the firewall and set its default zone for new networks.
          2. Switch SELinux to "enforcing" mode and the policy type to "mls". Configure restrictions for processes. Use SELinux.
          3. Set up and use auditd to audit the file system.
          4. Configure and use fail2ban / sshguard to limit the number of unauthorized access attempts.
          5. Use best practices when configuring daemons.
          6. USE SELINUX!
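The fail2ban answer above ("log analysis and banning of those who match the pattern") and step 4 of this list both describe the same mechanism: count failures per source within a time window and ban once a threshold is reached. The following is an added illustration of that logic, not code from the page or from fail2ban itself; the sshd log lines, the `SAMPLE_LOG` name, and the `maxretry`/`findtime` defaults are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines in syslog format (sample data, not from the original page).
SAMPLE_LOG = """\
Jan 10 12:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Jan 10 12:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 51001 ssh2
Jan 10 12:00:04 host sshd[1003]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Jan 10 12:00:06 host sshd[1004]: Failed password for invalid user test from 203.0.113.5 port 51002 ssh2
Jan 10 12:00:09 host sshd[1005]: Failed password for invalid user admin from 203.0.113.5 port 51003 ssh2
Jan 10 12:30:00 host sshd[1006]: Failed password for root from 198.51.100.7 port 40001 ssh2
Jan 10 12:50:00 host sshd[1007]: Failed password for root from 198.51.100.7 port 40002 ssh2
Jan 10 13:10:00 host sshd[1008]: Failed password for root from 198.51.100.7 port 40003 ssh2
"""

# Simplified "filter": fail2ban's real sshd filter covers many more message forms.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+ ssh2$"
)

def parse_ts(ts, year=2024):
    # syslog timestamps carry no year; assume one so the lines become comparable
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_bans(log_text, maxretry=3, findtime=600):
    """Return {ip: time_of_ban} for sources with maxretry failures inside findtime seconds.
    This mirrors fail2ban's maxretry/findtime counting; bantime and unbanning are omitted."""
    attempts = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m or m["ip"] in bans:
            continue                # non-matching lines and already-banned sources are skipped
        ip, when = m["ip"], parse_ts(m["ts"])
        window = attempts[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()        # forget failures older than the findtime window
        if len(window) >= maxretry:
            bans[ip] = when         # fail2ban would now run its ban action (e.g. a firewall rule)
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With the defaults, only 203.0.113.5 is banned (three failures in five seconds); 198.51.100.7 also fails three times but twenty minutes apart, so with a 600-second findtime each failure has aged out before the next one arrives.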