I was woundering if anyone knew of a good IDS sytem for linux?

I was just going through my logs and came accross a lot of these :

/cgi-bin/db2www
/cgi-dos/args.bat
/_vti_pvt/administrators.pwd
/cgi-bin/db2www.exe
/pbserver/pbserver.dll
/cgi-bin/wrap.cgi
/lcgi/ndsobj.nlm
/cgi-bin/calendar_admin.pl
/show_bug.cgi 2
/cgi-bin/wwwboard.pl
/cfdocs/expeval/openfile.cfm
/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report
/pccsmysqladm/incs/dbconnect.inc
/shop/product.ast
/scripts/..%c1%1c../..%c1%1c../mssql7/install/pubtext.bat\"+&+dir+c:+.exe
/cgi-bin/wwwboard.cgi

which looks like someone was trying to get into a windows system. There is about 500 - 600 of these.

Thanks in advance for any help

Basza

Try Snort. Personally, I use clarkconnect for all of my servers. My firewall, and my webserver are all clarkconnect. They use snort for IDS.

Based on RH9.0 of course.

Ok thanks , I'll look at snort tomorrow