Harden Debian by Using IDS

Identified Threats

These are the identified threats related to Debian software.

(T-106) Network Intrusion Is Not Monitored In Real Time

Network intrusion must be constantly monitored when the system is connected.

(T-107) Host Intrusion Is Not Monitored Periodically

Host intrusion must be constantly monitored when the system is running.

(T-108) Rootkit and Kernel Intrusion Is Not Monitored Periodically

Rootkit and kernel intrusion is not monitored when the system is running.

Actions Required

Here is the list of actions to counter the issues.

Use Host IDS like Tiger

Debian provides host IDS packages such as Tiger to monitor host settings and the local system.

Use Network IDS like Snort

Debian provides network IDS packages such as Snort to monitor the connected network.

Use Rootkit IDS like Chkrootkit

Debian provides rootkit IDS packages such as chkrootkit to monitor the system for signs of rootkits.
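A coverage check for the three actions above, as an added example that is not part of the original page: it reads `dpkg-query` status lines and reports which of the listed threats still has no installed IDS package. The function names `ids_gaps` and `sample_status` are hypothetical, and pairing T-106 with snort, T-107 with tiger and T-108 with chkrootkit is this example's reading of the page.

```shell
#!/bin/sh
# Added example. Input on stdin uses the line format produced by:
#   dpkg-query -W -f='${Package} ${Status}\n'

# Print one "THREAT package" line per threat with no fully installed IDS package.
ids_gaps() {
    awk '
        # Only "install ok installed" counts. A state such as
        # "deinstall ok config-files" means the package was removed and
        # only its configuration is left, so nothing is monitoring.
        $2 == "install" && $3 == "ok" && $4 == "installed" { have[$1] = 1 }
        END {
            if (!have["snort"])      print "T-106 snort"
            if (!have["tiger"])      print "T-107 tiger"
            if (!have["chkrootkit"]) print "T-108 chkrootkit"
        }
    '
}

# Constructed sample input, not captured from a real host.
sample_status() {
    cat <<'EOF'
tiger install ok installed
snort deinstall ok config-files
coreutils install ok installed
EOF
}

# Demonstration on the constructed sample. On a Debian host, use instead:
#   dpkg-query -W -f='${Package} ${Status}\n' | ids_gaps
sample_status | ids_gaps
```

An empty result means all three packages are installed; it does not show that the tools are scheduled to run or that their reports are being read.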

That's all for hardening Debian by using IDS.