
Re: File system integrity checkers - comparison?



Johannes Graumann <graumann@its.caltech.edu> writes:

> I'm looking at this triad:
> 	Tripwire
> 	Aide
> 	Fcheck
> and was wondering as to what this group is preferring and why or
> whether there are other more trusted alternatives.

You might want to include integrit and samhain as well.  Maybe filetraq
too.

I'm using integrit, fcheck and filetraq on a fairly minimal internal
server running sarge.
  Integrit is fine, plenty of ways to customize it to your setup and I
use it with a daily cron job (I believe that's what the default setup
does, but I've mucked around with that).  These runs check the whole
system (in principle everything below /) quite thoroughly.
  Fcheck is not as flexible (I'm thinking of replacing it with aide
once I have some time) but I use it for a quick hourly check of the
more important stuff (/bin, /sbin, /lib and the /usr versions of
these).
  I used to have fcheck go over /etc as well, but am using filetraq
for that now.  The main advantage is that it will keep time-stamped
backups of all files so you can go back a version or more.  Drawback
is that you may have to clean out the backups occasionally.  What I
like most though, is that it sends you diffs(!) of the changes made
to any file monitored.  I think my setup checks every 10 minutes or
so for changes.

> My main argument against tripwire is its pseudo-commercial source.

If it ain't in main, it ain't debian :-P
-- 
Olaf Meeuwissen                            EPSON KOWA Corporation, ECS
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
Penguin's lib!       -- I hack, therefore I am --               LPIC-2
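
The behaviour described above for /etc monitoring (time-stamped backups plus a diff of every change) can be sketched as follows. This is an added example, not part of the original message and not filetraq's own code; the function name `check_file`, the backup directory layout and the sample file contents are hypothetical.

```python
import difflib
import hashlib
import shutil
import time
from pathlib import Path


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_file(path, backup_dir, stamp=None):
    """Return a unified diff if `path` changed since its newest backup, else None.

    Every changed version is stored as a time-stamped copy so older versions
    can be restored. The first run only records a baseline.
    """
    path = Path(path).resolve()
    # One private directory per monitored file (hypothetical layout).
    store = Path(backup_dir) / str(path).strip("/").replace("/", "_")
    store.mkdir(mode=0o700, parents=True, exist_ok=True)
    copies = sorted(store.iterdir())  # time stamps sort lexicographically
    previous = copies[-1] if copies else None
    if previous is not None and _digest(previous) == _digest(path):
        return None
    old = []
    if previous is not None:
        old = previous.read_text(errors="replace").splitlines(keepends=True)
    new_copy = store / (stamp or time.strftime("%Y%m%dT%H%M%S"))
    shutil.copy2(path, new_copy)
    if previous is None:
        return None
    new = new_copy.read_text(errors="replace").splitlines(keepends=True)
    return "".join(difflib.unified_diff(old, new, str(previous), str(new_copy)))


if __name__ == "__main__":
    import tempfile
    demo = Path(tempfile.mkdtemp())          # constructed sample, not real /etc
    conf = demo / "hosts.allow"
    conf.write_text("sshd: 192.0.2.10\n")
    check_file(conf, demo / "backups", stamp="20240101T000000")   # baseline
    conf.write_text("sshd: 192.0.2.10\nsshd: ALL\n")
    print(check_file(conf, demo / "backups", stamp="20240101T001000"))
```

Backups and mailed diffs of /etc can contain credentials, so the backup directory should stay readable by root only and old copies should be pruned on a schedule.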


