George P Boutwell wrote: > ... >>>1) What are some projects/software for light IDS, specifically file >>>checksome/change control. I plan on doing the MD5 checksum floppy as >>>described in the Secuirng How-To, but then I want an software that >>>does that and e-mails my admin user whenever checksums and permissions >>>change. >> >>I'm using AIDE and am very happy with it. > > > The Security Debian How-To mentions Tripwire. Looking at AIDE and > Tripwire in the debian packages repositories it's hard to tell the > difference. I'm sure they both do the job, anyone with experience > with both these packages can describe some of the pros and cons of > each?
My personal opinion is that they both suck in different ways. Tripwire for its extreme verbosity and difficulty to update, and AIDE for its lack of database signing and lack of granularity on database updates (you can't update part of the database without manually editing the whole thing). Someone please correct me if i'm missing something that might overcome these difficulties - they've been driving me to despair for quite some time... -- Paul <http://paulgear.webhop.net> -- Did you know? Email viruses spread using addresses they find on the host computer. You can help to reduce the spread of these viruses by using Bcc: instead of To: on mass mailings, or using mailing list software such as mailman (http://www.list.org/) instead.
signature.asc
Description: OpenPGP digital signature