Section 11.5. Resources

  1. Amoroso, Ed. Intrusion Detection. Sparta, NJ: Intrusion.Net Books, 1999.

    Excellent introduction to the subject.

  2. http://web.mit.edu/tytso/www/linux/ext2intro.html

    Card, Rémy, Theodore Ts'o, and Stephen Tweedie. "Design and Implementation of the Second Extended Filesystem."

    Excellent paper on the Linux EXT2 filesystem; the section entitled "Basic File System Concepts" is of particular interest to Tripwire users.

  3. Northcutt, Stephen and Judy Novak. Network Intrusion Detection: An Analyst's Handbook. Indianapolis: New Riders Publishing, 2001.

    A very practical book with many examples showing system log excerpts and configurations of popular IDS tools.

  4. http://www.chkrootkit.org/

    Home of the chkrootkit shell script and an excellent source of information about how to detect and defend against rootkits.

  5. http://sourceforge.net/projects/tripwire

    Project pages for Tripwire Open Source. The place to obtain the very latest Tripwire Open Source code and documentation.

  6. http://prdownloads.sourceforge.net/tripwire/tripwire-2.3.0-docs-pdf.tar.gz

    Tripwire Open Source Manual and the Tripwire Open Source Reference Card in PDF format. Required reading! (If this link doesn't work, try http://sourceforge.net/project/showfiles.php?group_id=3130).

  7. http://www.tripwire.org

    Home page for Tripwire Open Source. Binaries for Linux available here.

  8. http://www.tripwire.com/downloads/tripwire_asr/index.cfml?

    Tripwire Academic Source Release download site.

  9. http://securityportal.com/topnews/tripwire20000711.html

    Article on using Tripwire Academic Source Release, by Jay Beale (principal developer of Bastille Linux).

  10. http://www.cs.tut.fi/~rammer/aide.html

    Official web site for the Advanced Intrusion Detection Environment (AIDE).

  11. http://www.geocities.com/fcheck2000/

    Official web site for FCheck, an extremely portable integrity checker written entirely in Perl.

  12. Ranum, Marcus J. "Intrusion Detection & Network Forensics."

    Presentation E1/E2 at the Computer Security Institute's 26th Annual Computer Security Conference and Exhibition, Washington, D.C., 17-19 Nov 1999.

  13. http://www.snort.org

    Official Snort web site: source, binaries, documentation, discussion forums, and amusing graphics.

  14. http://www.cert.org/kb/acid

    The Analysis Console for Intrusion Databases (ACID) is a PHP application that analyzes IDS data in real time. ACID is a popular companion to Snort because it helps make sense of large Snort data sets; this is its official home page.

  15. http://www.algonet.se/~nitzer/oinkmaster

    Home of the Oinkmaster auto-Snort rules update script.

  16. http://www.whitehats.com

    Security news, tools, and the arachNIDS attack signature database (which can be used to update your Snort rules automatically as new attacks are discovered).

  17. http://www.lids.org

    The Linux Intrusion Detection System (LIDS) web site. LIDS is a kernel patch and administrative tool that provides granular logging and access controls for processes and for the filesystem.