Harden Debian by Using IDS
Intrusion detection systems (IDS) are available for both the server and the network. This section guides you through hardening Debian by using an IDS.
Identified Threats
These are the identified threats related to Debian software.
(T-106) Network Intrusion Is Not Monitored In Real Time
Network intrusion must be constantly monitored when the system is connected.
(T-107) Host Intrusion Is Not Monitored Periodically
Host intrusion must be constantly monitored when the system is running.
(T-108) Rootkit and Kernel Intrusion Is Not Monitored Periodically
Rootkit and kernel intrusion is not monitored when the system is running.
Actions Required
Here is the list of actions to counter the issues.
Use Host IDS like Tiger
Debian provides a host IDS such as Tiger to monitor host settings and the local system.
Use Network IDS like Snort
Debian provides a network IDS such as Snort to monitor the connected network.
Use Rootkit IDS like Chkrootkit
Debian provides a rootkit IDS such as chkrootkit to monitor for rootkit tampering.
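The following audit check is an added example, not part of the original guide: it maps each threat ID above to the tool that counters it and reports which threats have no IDS installed. It assumes the Debian package names are tiger, snort and chkrootkit; the function names installed_packages and ids_coverage are hypothetical.

```shell
#!/bin/sh
# Added example: audit IDS coverage for the threats listed on this page.
# Assumption: the Debian packages are named tiger, snort and chkrootkit.

# threat-id:package pairs, taken from the threat and action lists above
IDS_MAP="T-106:snort T-107:tiger T-108:chkrootkit"

# Print the names of fully installed packages, one per line.
# dpkg-query reports status "ii" for a package that is installed and configured.
installed_packages() {
    dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 2>/dev/null |
        awk '$1 == "ii" { print $2 }'
}

# Read installed package names on stdin and print one line per threat:
#   COVERED <threat> <package>   or   MISSING <threat> <package>
# Returns non-zero when at least one threat has no IDS installed.
ids_coverage() {
    pkgs=$(cat)
    rc=0
    for pair in $IDS_MAP; do
        threat=${pair%%:*}
        pkg=${pair#*:}
        # -x and -F: exact whole-line match, so "snort-common" is not "snort"
        if printf '%s\n' "$pkgs" | grep -qxF -- "$pkg"; then
            echo "COVERED $threat $pkg"
        else
            echo "MISSING $threat $pkg"
            rc=1
        fi
    done
    return $rc
}

# Run the audit against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then
    installed_packages | ids_coverage
fi
```

Run it with --audit from cron or a configuration-management check; a non-zero exit status means at least one of the three threats has no IDS package installed.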
That's all for hardening Debian by using IDS.