Mark Rogers asked: [...]
It's quite a simple but effective script (just searching for keywords and emailing the offending section of code to me to investigate), but it isn't maintained and there are probably better tools out there.
My question is: what tools do other people use/recommend?
Most distributions have some intrusion detection software, so that's a start, then there's external monitoring to try to spot the machine doing anything "strange".
Recently, I've tried Apache's mod_security on some servers, but configuration seems to be a bit of an art, so test the setup somewhere first and monitor it very closely when deployed.
Other than that, following security alerts and running sweeps for specific vulnerable versions when a new alert appears will do a lot to keep intruders out. Other problem-specific tools like that script rarely hurt, but it would be hard enough to collect enough of them to cover problems in general.
What are others doing?
Also, what are the web applications which cause you the most alerts? This month, for us, it's been Zencart and WordPress. I wish users would realise the importance of upgrading WordPress when that "upgrade now" banner appears on the dashboard. If they installed it themselves, upgrading isn't much different. Thanks to various things, it's a pretty big "kick me" sign if you run an old version.
Regards,
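One way to do the "sweep for vulnerable versions" step from the post above, as an added example that is not part of Mark's message or of any tool it mentions: walk a web root, find every WordPress install by its wp-includes/version.php (which really does carry `$wp_version = '...'`), and list the ones below the version named in the latest advisory. The directory layout, user names and version strings in the fixture are constructed for the example; the comparison treats a pre-release (`3.0.1-RC1`) as older than the matching release so it is not missed.

```python
"""Sweep a web root for WordPress installs below a minimum version.

Added example (not from the original post). Assumes only that each install
keeps the stock wp-includes/version.php with a line like
    $wp_version = '3.0.1';
"""
import os
import re
import tempfile

VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([0-9][0-9A-Za-z.\-]*)['\"]")


def parse_version(text):
    """Turn '3.0.1' or '3.0.1-RC1' into a comparable tuple of ints.

    The core is padded to three numbers; a trailing 1 marks a final release
    and 0 a pre-release, so '3.0.1-RC1' sorts before '3.0.1'.
    """
    core, _, suffix = text.partition("-")
    nums = [int(p) for p in core.split(".") if p.isdigit()]
    nums += [0] * (3 - len(nums))
    return tuple(nums[:3]) + ((0,) if suffix else (1,))


def find_wordpress_installs(root):
    """Return sorted (install_dir, version_or_None) for every install under root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            path = os.path.join(dirpath, "version.php")
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    match = VERSION_RE.search(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            found.append((os.path.dirname(dirpath), match.group(1) if match else None))
            dirnames[:] = []  # nothing of interest below wp-includes itself
    return sorted(found)


def report(root, minimum):
    """List (relative_dir, version) for installs below `minimum`.

    An install whose version cannot be parsed is reported too: an
    unrecognisable version.php is worth a look, not silence.
    """
    floor = parse_version(minimum)
    return [
        (os.path.relpath(path, root), version)
        for path, version in find_wordpress_installs(root)
        if version is None or parse_version(version) < floor
    ]


def build_sample_tree():
    """Constructed fixture: three fake installs in a temp dir (no real sites)."""
    root = tempfile.mkdtemp(prefix="wpsweep-")
    for user, version in (("alice", "3.0.1"), ("bob", "2.9.2"), ("carol", "3.0.1-RC1")):
        inc = os.path.join(root, user, "public_html", "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
            fh.write("<?php\n$wp_version = '%s';\n$wp_db_version = 15260;\n" % version)
    return root


if __name__ == "__main__":
    # On a real host replace build_sample_tree() with e.g. "/home" and the
    # minimum with the version the advisory says is fixed.
    for rel_dir, version in report(build_sample_tree(), "3.0.1"):
        print("outdated: %s (%s)" % (rel_dir, version))
```

Run it from cron after each advisory, or feed the output to the same mail hook the keyword script uses; the only thing to change per advisory is the minimum version passed to `report`.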