review host based intrusion detection sytems
Doing an apt-cache search on "tripwire" and "intrusion"
I came up with these packages:
I've googled around a bit but haven't found much evaluation...
Does anyone have opinions on them?
We're setting up 3 new servers and I want to have an intrusion
Ease of use is much, much more important then perfect security.
A while back we installed tripwire from tarball on one system but let it
get out of date. At another job, they had a homegrown system that is very
cumbersome,--lots and lots of false alarms and a pain to update.
Of course it would be extra valuable if you could compare and contrast two
or more of these packages.