Help me set up AIDE and Snort. IDS... Do you just unplug the VPN?

If I were to use AIDE and Snort… would I need to disconnect the VPN temporarily to sniff the traffic?
Can I still sniff it with some weird setup? Do I use AIDE in dom0? And Snort in sys-firewall, or every qube? What about OpenSnitch? Where should I place it?
Can anyone with experience in Snort and Tripwire answer me please? Thanks, and hope you have a good New Year's Eve. Peace

I just installed an IDS in dom0… But I need to learn how to use it later on though…
Could someone provide me with a nice dom0 AIDE config file? :slight_smile:

This is coding stuff… Too advanced for me, but should exist in Qubes in my opinion by default… An AIDE check. A system check…
The point of security, when I think about it, is not just having a reasonably secure system, but the overview of stuff also. AIDE, Wireshark and so on…
AIDE in dom0 would tell if someone has been on the system! That’s great!

Wireshark should be in sys-firewall? The VPN needs to be shut down then… That’s the issue if it’s always on… Some check of the integrity of Qubes would be a nice feature in Qubes 5.8 :wink:
An alarm sound if some file has been edited. That would be sweet. Hackers on the system?
Beep beep. Qubes got you covered. :wink:
At least you know…
Where should Snort be? sys-firewall? How do I set that up?

… … …nvm

I tried AIDE and it generated everything on the fly! Great tool!