# Trisentry replacement? "portsentry, hostsentry,logsentry"



## neurosis (Dec 10, 2008)

Ive read about this in the past and saw that it may be beneficial but also notice that it is no longer maintained or actually bought out by cisco? Are there any ports available that accomplish the same tasks as these? I want to say that I am interested in one more than the other but they all look beneficial. I see some of the older versions are still in ports but there is no logsentry or logcheck available anymore. Any suggestions? 

Sorry if this was the wrong area for this. I wasnt sure where to put it.


----------



## Lowell (Dec 10, 2008)

The individual parts are all in ports, and they don't seem outdated compared to the official distribution information.  Specifically, they are in the security category and are called logcheck, portsentry, and hostsentry.  They don't seem to be under active development, though.

If you know exactly what you want to do, you can probably get specific advice about the best way to accomplish it, but otherwise, you might want to go through the security section in the Handbook again in order to refine your intentions a bit.


----------



## neurosis (Dec 10, 2008)

> If you know exactly what you want to do, you can probably get specific advice about the best way to accomplish it



I guess that im not sure exactly what it is that I want since I still consider myself to be a freebsd newbie. I am trying to set up some sort of intrusion detection / network monitoring and some easier or even automated ways to go through my logs to pick out important information.


----------



## jb_fvwm2 (Dec 11, 2008)

samhain, mtree (ids), there are others. Howsoever
some guides show further steps like SSH and
firewall hardening inclusive in a guide to 
freebsd security also (if I recall)


----------

