On Thu, 2004-04-22 at 17:32, Phillip Hofmeister wrote:
> Can anyone refer me to a woody backport of tripwire (or a version such
> as 2.3.1.2+)?
>
> I know it is non-free, I like it anyhow.
As great as tripwire is (even though it's not free), I think it's not
nearly as good as samhain.
Samhain also has some problems (or rather designs that I consider to be
problems) but it's more useful than tripwire, if used with beltane.
I suggest you take a look at samhain:
$ apt-cache show samhain
Package: samhain
Priority: optional
Section: admin
Installed-Size: 1392
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Architecture: i386
Version: 1.8.2-3
Depends: libc6 (>= 2.3.2.ds1-4), libgmp3, debconf (>= 1.2.9)
Filename: pool/main/s/samhain/samhain_1.8.2-3_i386.deb
Size: 462520
MD5sum: 19c81b21f5dd908ed8bb5715ed6c474b
Description: Data integrity and host intrusion alert system
Samhain is an integrity checker and host intrusion detection system
that
can be used on single hosts as well as large, UNIX-based networks.
It supports central monitoring as well as powerful (and new) stealth
features to run undetected on memory using steganography.
.
Main features
* Complete integrity check
+ uses cryptographic checksums of files to detect
modifications,
+ can find rogue SUID executables anywhere on disk, and
* Centralized monitoring
+ native support for logging to a central server via encrypted
and authenticated connections
* Tamper resistance
+ database and configuration files can be signed
+ logfile entries and e-mail reports are signed
+ support for stealth operation
.
Homepage: http://la-samhna.de/samhain/index.html
--
Jake Appelbaum <jacob@appelbaum.net>
Attachment:
signature.asc
Description: This is a digitally signed message part