[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Light weight IDSes and then some

George P Boutwell wrote:
> ...
>>>1) What are some projects/software for light IDS, specifically file
>>>checksome/change control.  I plan on doing the MD5 checksum floppy as
>>>described in the Secuirng How-To, but then I want an software that
>>>does that and e-mails my admin user whenever checksums and permissions
>>I'm using AIDE and am very happy with it.
> The Security Debian How-To mentions Tripwire.  Looking at AIDE and
> Tripwire in the debian packages repositories it's hard to tell the
> difference.  I'm sure they both do the job, anyone with experience
> with both these packages can describe some of the pros and cons of
> each?

My personal opinion is that they both suck in different ways.  Tripwire
for its extreme verbosity and difficulty to update, and AIDE for its
lack of database signing and lack of granularity on database updates
(you can't update part of the database without manually editing the
whole thing).

Someone please correct me if i'm missing something that might overcome
these difficulties - they've been driving me to despair for quite some

Did you know?  Email viruses spread using addresses they find on the
host computer.  You can help to reduce the spread of these viruses by
using Bcc: instead of To: on mass mailings, or using mailing list
software such as mailman (http://www.list.org/) instead.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: