Re: Working on a security program

[Saifi Khan <saifi.khan@xxxxxxxxxxxxxxx>]

On Tue, 30 Mar 2010, Walter wrote:

> Hi, all.  Despite my lack of response (sorry), I've been
> working on a security program.  Right now it uses auth.log
> to identify failed login attempts via telnet, ftp, and (of
> course) ssh.  I'm planning on "hard coding" this unless
> someone tells me I should look at other log files too.
> 
> I'm working on adding a check if the outside IP address
> changing to be able to reload the firewall if it uses it.
> And I'm thinking it'd be good to check if any of the system
> programs are changed - check the date-time stamp and size.
> These sorts of things can be done on a low rate periodic
> interval.
> 
> This has become somewhat of a compulsion for me of late,
> partly because I think it's a thing that ought to be, and
> because I'm using it to refresh my programming brain.  I
> would appreciate insights.  Thanks.
> 
> Walter
> 

Would setting up 'snort' help ?


--
thanks
Saifi.