review host based intrusion detection sytems

To: debian-isp@lists.debian.org
Subject: review host based intrusion detection sytems
From: Dan MacNeil <omacneil@brave.cs.uml.edu>
Date: Sat, 21 Jun 2003 13:24:22 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.44.0306211310310.335-100000@brave.cs.uml.edu>

Doing an apt-cache search on "tripwire" and "intrusion"

I came up with these packages:

	aide
	bsign
	fcheck
	integrit

I've googled around a bit but haven't found much evaluation...

Does anyone have opinions on them?

We're setting up 3 new servers and I want to have an intrusion
detection database.

Ease of use is much, much more important then perfect security.

A while back we installed tripwire from tarball on one system but let it
get out of date. At another job, they had a homegrown system that is very
cumbersome,--lots and lots of false alarms and a pain to update.

Of course it would be extra valuable if you could compare and contrast two
or more of these packages.

Reply to:

Follow-Ups:
- Re: review host based intrusion detection sytems
  - From: "Paul Foote" <paul@geesus.homelinux.net>
- RE: review host based intrusion detection sytems
  - From: "Dan Udey" <disp@cdslash.net>
- Re: review host based intrusion detection sytems
  - From: Keegan Quinn <kquinn@respond2.com>

Prev by Date: Re: Sarge CD-ROM installation
Next by Date: Re: review host based intrusion detection sytems
Previous by thread: Re: Sarge CD-ROM installation
Next by thread: Re: review host based intrusion detection sytems
Index(es):
- Date
- Thread