
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
486
|
Chapter 13: Simple Intrusion Detection Techniques
You probably don’t need to schedule Oinkmaster (or whatever script you choose to
use) to run every 30 minutes, but I recommend scheduling it to be run at least twice
a day.
Resources
Amoroso, Ed. Intrusion Detection. Sparta, NJ: Intrustion.Net Books, 1999.
Excellent introduction to the subject.
Baker, Andrew, Brian Caswell, and Mike Poor. Snort 2.1 Intrusion Detection, Second
edition. Syngress, 2004.
Up-to-date details on Snort, ACID, Barnyard, and Sguil.
Card, Rémy, Theodore Ts’o, and Stephen Tweedie. “Design and Implementation of
the Second Extended Filesystem.” (http://web.mit.edu/tytso/www/linux/ext2intro.html)
Excellent paper on the LinuxEXT2 filesystem; the section entitled “Basic File
System Concepts” is of particular interest to Tripwire users.
Northcutt, Stephen and Judy Novak. Network Intrusion Detection: An Analyst’s
Handbook. Indianapolis: New Riders Publishing, 2001.
A very practical book with many examples showing system log excerpts and
configurations of popular IDS tools.
http://www.chkrootkit.org/
Home of the chkrootkit shell script and an excellent source of information about
how to detect and defend against rootkits.
http://sourceforge.net/projects/tripwire
Project pages for Tripwire Open Source. The place to obtain