Wismie
04-27-2002, 09:44 AM
Hi,
I have had my new dedicated box for about 2-3 weeks now and it's running fine. However, I have seen that hackers seem to be more and more active and I would like to install on my box a monitoring / intrusion software in order to be proactive (and not wait until the bad / worse comes). I know it will not protect my box 100%, but I would like to ensure I have the best tools to ensure a good protection.
I've seen so far NetSaint and Tripwire; which one would you recommend, what are you using, etc.?
Any suggestion welcome of course ;)
allera
04-27-2002, 09:58 AM
www.snort.org, also works nicely with www.demarc.org.
In the hosting industry, security is an aspect all too commonly not put as a priority - it's nice to see people being more 'proactive' towards the obvious threats.
The deal between NetSaint and Tripwire - well, they are two very different pieces of software. From my recollection, NetSaint is a monitoring suite with a 'plugin' style scheme - mainly designed for the central monitoring of remote hosts. Whereas Tripwire is a file system integrity monitor. It stores secured checksums of vital system files inside a secure database format which is protected with a pass phrase.
As far as integrity goes - Tripwire is one of the best, although it is somewhat time consuming and becomes a rather daunting task after a while. I have found that Securityfocus.com has a nice assortment of integrity applications that are more streamlined than Tripwire (and which provide the same features and then some). The bottom line is that Tripwire is a top-notch file system integrity monitor, but its methods are a bit arcane and time consuming.
Back to NetSaint, I have never used it myself, but I did review its site a great deal while in search of a client/server style monitoring app. NetSaint did rank at the top of my list as a candidate for something I'd try implementing, but in the end I went steadfast with Demarc.com's PureSecure software. Demarc.com offers a fully featured web application which integrates both local event monitoring and remote service monitoring, not to mention its great integrity features & the seamless integration with Snort!
In my book I give PureSecure a 4 out of 5 star rating - why?
Because of the simple fact that PureSecure is essentially flawed down to the base of its coding. It is designed to pass parameters to HTML POST/PUT requests and as such generates VERY long URL requests when performing things such as event searches. Therein Apache or other web servers report errors such as "Requested URL exceeds limit," and then you will realize the 2600+ Snort events you're trying to process are useless because you can't even dump/search the payloads! And then you start kicking yourself for implementing such crappy software (CGI? Eek! What was I thinking!). Opinions aside, I think PureSecure would be much more powerful if it had been coded in PHP/MySQL or the sort.
And I'll spare any more rambling because I know I've typed enough.... Below are some other notable threads & sites that may be of interest:
http://www.webhostingtalk.com/showthread.php?s=&threadid=46195
http://www.webhostingtalk.com/showthread.php?s=&threadid=45887
http://www.webhostingtalk.com/showthread.php?s=&threadid=45885
http://www.securityfocus.com
http://www.r-fx.net/lib.php
http://www.packetstormsecurity.net
http://www.wiretapped.net
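The post above describes what Tripwire does (checksums of vital files, kept in a database protected by a pass phrase) without showing how such a check works. The following is an added worked example, not code from this thread, from Tripwire or from any product mentioned here: a minimal file-integrity monitor that records a SHA-256 digest plus size, mode and owner for every regular file under a root, seals the baseline with an HMAC derived from a passphrase so edits to the database itself are caught, and reports added, removed and modified files on a later run. The directory layout, file contents, passphrase and "intrusion" it simulates are all constructed for the demo.

```python
# Added example (not from the thread or from Tripwire): a tiny Tripwire-style
# integrity monitor. Paths, contents and the passphrase below are constructed.
import hashlib
import hmac
import json
import os
import stat
import tempfile


def _file_record(path):
    """Digest plus the metadata an intruder typically changes (mode, owner)."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}


def build_baseline(root):
    """Map of path (relative to root) -> record for every regular file."""
    records = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks and special files need their own handling
            records[os.path.relpath(path, root)] = _file_record(path)
    return records


def _seal(records, key):
    body = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def save_baseline(records, key, db_path):
    """Write the database with an HMAC so silent edits to it are detectable."""
    with open(db_path, "w") as f:
        json.dump({"hmac": _seal(records, key), "records": records}, f)


def load_baseline(key, db_path):
    """Refuse a database whose HMAC does not verify (altered or wrong key)."""
    with open(db_path) as f:
        doc = json.load(f)
    if not hmac.compare_digest(_seal(doc["records"], key), doc["hmac"]):
        raise ValueError("baseline HMAC mismatch: database altered or wrong passphrase")
    return doc["records"]


def compare(baseline, current):
    """Diff two baselines into added / removed / modified path lists."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Baseline a throwaway tree, simulate an intrusion, and report on it."""
    key = hashlib.sha256(b"constructed passphrase").digest()  # demo only
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as safe:
        files = {"etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
                 "etc/motd": b"welcome\n",
                 "bin/ls": b"constructed binary\n"}
        for rel, data in files.items():
            p = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
        db = os.path.join(safe, "baseline.json")  # keep the db off the watched tree
        save_baseline(build_baseline(root), key, db)

        # Simulated intrusion: trojaned binary, setuid bit on a config file,
        # a deleted file and a new hidden file.
        with open(os.path.join(root, "bin", "ls"), "ab") as f:
            f.write(b"backdoor\n")
        os.chmod(os.path.join(root, "etc", "passwd"), 0o4755)
        os.remove(os.path.join(root, "etc", "motd"))
        with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
            f.write(b"x")
        changes = compare(load_baseline(key, db), build_baseline(root))

        # An intruder who rewrites the database to match the new tree is
        # caught because the stored HMAC no longer verifies.
        with open(db) as f:
            doc = json.load(f)
        doc["records"] = build_baseline(root)
        with open(db, "w") as f:
            json.dump(doc, f)
        try:
            load_baseline(key, db)
            db_tamper_detected = False
        except ValueError:
            db_tamper_detected = True
    return changes, db_tamper_detected


if __name__ == "__main__":
    print(demo())
```

Two points the demo makes that matter in practice: the mode-only change to etc/passwd is reported even though its contents and hash are unchanged, which is why a checker must record metadata and not just digests; and the HMAC only helps if the key (and ideally the database) lives somewhere the intruder cannot reach, such as read-only media or another host, which is exactly what the pass phrase in the post is for. A checker that runs on an already-rooted box can still be lied to by a kernel-level rootkit, so this is a detection layer, not a guarantee.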