On Thu, 2004-04-22 at 17:32, Phillip Hofmeister wrote: > Can anyone refer me to a woody backport of tripwire (or a version such > as 2.3.1.2+)? > > I know it is non-free, I like it anyhow. As great as tripwire is (even though it's not free), I think it's not nearly as good as samhain. Samhain also has some problems (or rather designs that I consider to be problems) but it's more useful than tripwire, if used with beltane. I suggest you take a look at samhain: $ apt-cache show samhain Package: samhain Priority: optional Section: admin Installed-Size: 1392 Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Architecture: i386 Version: 1.8.2-3 Depends: libc6 (>= 2.3.2.ds1-4), libgmp3, debconf (>= 1.2.9) Filename: pool/main/s/samhain/samhain_1.8.2-3_i386.deb Size: 462520 MD5sum: 19c81b21f5dd908ed8bb5715ed6c474b Description: Data integrity and host intrusion alert system Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected on memory using steganography. . Main features * Complete integrity check + uses cryptographic checksums of files to detect modifications, + can find rogue SUID executables anywhere on disk, and * Centralized monitoring + native support for logging to a central server via encrypted and authenticated connections * Tamper resistance + database and configuration files can be signed + logfile entries and e-mail reports are signed + support for stealth operation . Homepage: http://la-samhna.de/samhain/index.html -- Jake Appelbaum <jacob@appelbaum.net>
Attachment:
signature.asc
Description: This is a digitally signed message part