Re: Root Kit Protection
Le 16 février vers 17:32, Ethan Benson écrivait :
> > Does this sound like it might be useful at all? It's roughly the same as
> > tripwire or its ilk, but the auditing would be "pre-processed" such that you
> > don't have to build the "before" database on your system -- it get's updated
> > each time you install/upgrade Debian.
>
> sounds like tripwire but i would hope a Free software version, which
> last time i looked did not exist...
AIDE (http://www.cs.tut.fi/~rammer/aide.html) the "Advanced Intrusion
Detection Environment" is a free rewriting and extension of tripwire.
It has multiple integrity checking algorithms, not only md5. It's GPL
and works fine.
> this would really be a great tool, if it were to play well with the
> dpkg system, things like tripwire become rather useless or impractical
> if you are following the unstable tree of debian since files on the
> system change nearly every day...
Why if the packages sigs used by the "integrity checker tool" are part
of the tree ? just let mirrors spread them widely :)
--
BuG
Reply to: