Re: Comprehensive intrusion detection?
On Thursday 15 June 2006 01:49, Joe Emenaker wrote:
> I know that AIDE and tripwire check for changes to critical
> files/directories... chkrootkit looks for rootkit-ish things.... and
> logcheck looks just at the logs.... but I haven't seen anything that
> scans the entire machine (filesystem, listening ports, outgoing
> ports, etc) for all of the standard things you see on things like the
> SANS intrusion detection checklist... or better yet, something with
> regular updates (like clamav) that checks for things that are being
> seen on the latest honeypots.
> Isn't there *something* like that out there already?

The package "tiger" covers most of the above.