You never worry about your site security until after your site has been hacked for the first time.你永遠不擔心您的網站的安全,直至您的網站之後,已被砍死,為第一次。 It is always a moment of truth, when you first realize how vulnerable you (your site & your data) truly are.它始終是一時刻,真理,當您第一次實現多麼的脆弱,你(您的網站與您的數據) ,真正是。 You have probably dozens of scripts running on your server ranging from weblog software, comment form, maybe a CMS like Mambo or Joomla, not to mention your home-grown scripts.您有可能幾十腳本運行在您的服務器上,從博客軟件,評論的形式,可能是細胞質雄性不育像曼波或joomla ,更遑論你的土生土長的腳本。 Have you ever had them audited?您有沒有遇到過他們審計? Do you always keep updating them whenever a new release is available?你總是不斷更新他們每當一個新版本是可用的? Do you run all your applications and scripts in chroot jail?你運行您所有的應用程序和腳本在chroot監獄? Do you regularly check for rootkits?你是否定期檢查的rootkit ? The answer to most of the above is probably no.答案上述大部分可能是沒有。 The truth is that any of them can lead to your site and data being compromised.事實真相是,他們任何可導致您的網站和數據受到損害。 In this context an intrusion detection system can provide you early warning when something goes wrong so you can fight it.在這方面的入侵檢測系統可以為您提供早期預警,當一些錯在哪裡,讓您可以撲滅它。 Let's look at Samhain, a popular intrusion detection system.讓我們看看samhain ,流行的入侵檢測系統。

Samhain is a multiplatform, open source software (GPL) for centralized file integrity checking & host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows…). samhain是一個多平台,開放源碼軟件( GPL的)集中文件完整性檢查及基於主機的入侵檢測上的POSIX系統(應用於UNIX , Linux , cygwin /在Windows … … ) 。 It has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as standalone application on a single host.它已被用來監測多個主機可能在不同的操作系統,由一個中央位置,雖然它也可以被用來作為獨立的應用程序一個單一的主機。

Samhain can be used standalone on a single host, but its particular strength is centralized monitoring and management. samhain可以單獨使用一個單一的主機,但其特別的力量,就是集中監控和管理。 Samhain can be extended by writing modules. samhain ,可以延長寫作模塊。 The client (or standalone) part is called samhain, while the server is referred to as yule.客戶端(或獨立)的一部分,是所謂的samhain ,而服務器是被稱為聖誕節。 Both can run as daemon processes.兩者都可以作為守護進程運行的進程。

The bottom line is that intrusion detection systems (Samhain or otherwise) are as much a necessity for web servers as virus checkers for individual PC's.底線是入侵檢測系統( samhain或其他方式)一樣,必要的網絡服務器作為病毒的棋子,為個人電腦的。