
Re: Root Kit Protection



On 16 February around 17:32, Ethan Benson wrote:

> > Does this sound like it might be useful at all?  It's roughly the same as
> > tripwire or its ilk, but the auditing would be "pre-processed" such that you
> > don't have to build the "before" database on your system -- it gets updated
> > each time you install/upgrade Debian.
> 
> sounds like tripwire but i would hope a Free software version, which
> last time i looked did not exist...

  AIDE (http://www.cs.tut.fi/~rammer/aide.html) the "Advanced Intrusion
  Detection Environment" is a free rewriting and extension of tripwire.
  It has multiple integrity checking algorithms, not only md5. It's GPL
  and works fine.

> this would really be a great tool, if it were to play well with the
> dpkg system, things like tripwire become rather useless or impractical
> if you are following the unstable tree of debian since files on the
> system change nearly every day...

  Why, if the package sigs used by the "integrity checker tool" are part
  of the tree? Just let mirrors spread them widely :)

-- 
  BuG
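
The idea discussed in this thread, auditing installed files against a baseline that ships with the packages instead of one built on the local system, sketched as an added example (not code from the original messages, AIDE, or dpkg). The `hexdigest  path` manifest layout, the function names and the sample tree are assumptions constructed for illustration; in practice the manifest must come from a source the audited host cannot modify.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse 'hexdigest  relative/path' lines into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(None, 1)
        entries[path.strip()] = digest.lower()
    return entries

def file_digest(path, algo):
    """Hash a file in chunks with any algorithm hashlib supports."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit(root, manifest_text, algo="sha256"):
    """Return {relative_path: 'ok' | 'modified' | 'missing'} per manifest entry."""
    report = {}
    for rel, expected in parse_manifest(manifest_text).items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "missing"
        elif file_digest(full, algo) == expected:
            report[rel] = "ok"
        else:
            report[rel] = "modified"
    return report

def demo():
    """Constructed sample: build a small tree, record a baseline, tamper, audit."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        files = {"bin/ls": b"original ls\n", "bin/ps": b"original ps\n",
                 "bin/login": b"original login\n"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        # Baseline as the package archive would publish it (constructed here).
        baseline = "".join(f"{hashlib.sha256(d).hexdigest()}  {r}\n"
                           for r, d in files.items())
        with open(os.path.join(root, "bin/ps"), "wb") as fh:
            fh.write(b"replaced ps\n")             # simulate a swapped binary
        os.remove(os.path.join(root, "bin/login"))  # simulate a removed file
        return audit(root, baseline)
```

Because the baseline is regenerated by whoever builds the package, a system that changes daily needs no local "before" database; only the manifests have to be refreshed with each upgrade.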

