Re: File system integrity checkers - comparison?

2002-12-10 Thread Gustavo Franco
On Thu, 2002-12-05 at 00:44, Johannes Graumann wrote:
> Hello,
> 
> I'm looking at this triad:
>   Tripwire
>   Aide
>   Fcheck
> and was wondering as to what this group is preferring and why or whether
> there are other more trusted alternatives.
> My main argument against tripwire is its pseudo-commercial source.

An online database with md5sums of systems:
http://www.knowngoods.org/index.php

The bad thing is that they still have only Debian 2.2r5 md5sums.

You can try the file integrity checker of them at:
http://osiris.shmoo.com/

cya,
Gustavo Franco -- [EMAIL PROTECTED]


Re: File system integrity checkers - comparison?

2002-12-05 Thread Noah L. Meyerhans
On Wed, Dec 04, 2002 at 06:44:12PM -0800, Johannes Graumann wrote:
> and was wondering as to what this group is preferring and why or whether
> there are other more trusted alternatives.
> My main argument against tripwire is its pseudo-commercial source.

I use tripwire and recommend it strongly.  The version in unstable is
100% free software, and the quality is very good.  It's probably best to
build it from source if you want to install it on a non-unstable system.
The source is available at www.tripwire.org.

The only drawback to tripwire, IMHO, is that because it's written in
C++, it may be difficult to get running on non-x86 systems.  Presumably
g++ 3.2 will help address that issue.

noah

-- 
 ___
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 





Re: File system integrity checkers - comparison?

2002-12-05 Thread Rick Moen
Quoting Noah L. Meyerhans ([EMAIL PROTECTED]):

> The only drawback to tripwire, IMHO, is that because it's written in
> C++, it may be difficult to get running on non-x86 systems.  Presumably
> g++ 3.2 will help address that issue.

When last I checked, it also lacks autoconf support.  

AIDE, by comparison, is pure C, with autoconf support, and thus very
portable.

-- 
Cheers,
Rick Moen
Open-source SourceForge retakes the lead:
http://gforge.org/  Thank you, Tim Perdue.
[EMAIL PROTECTED]  


RE: File system integrity checkers - comparison?

2002-12-05 Thread Domonkos Czinke
Hi,

I'm using integrit for a while and it's working fine here. Fast, small
memory usage and good reporting system. I'm using it with CODA (binary,
config and databases are on the CODA server), and it's working fine :)

Cheers,
Domonkos Czinke

 





-Original Message-
From: Johannes Graumann [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 05, 2002 3:44 AM
To: debian-security@lists.debian.org
Subject: File system integrity checkers - comparison?


Hello,

I'm looking at this triad:
Tripwire
Aide
Fcheck
and was wondering as to what this group is preferring and why or whether
there are other more trusted alternatives.
My main argument against tripwire is its pseudo-commercial source.

Thankful for any comment,

Joh



Re: File system integrity checkers - comparison?

2002-12-04 Thread Johannes Graumann
What's your reasoning?

Joh

On Thu, 05 Dec 2002 13:01:46 +1000
Alexander Zangerl [EMAIL PROTECTED] wrote:

> On Wed, 04 Dec 2002 18:44:12 PST, Johannes Graumann writes:
> > and was wondering as to what this group is preferring and why or whether
> > there are other more trusted alternatives.
> 
> samhain is my personal favourite.
> 
> mfg
> az
> 
> -- 
> ++ Alexander Zangerl  [EMAIL PROTECTED]  DSA 0xF860ACF1 ++
> ++ Bond University IT School   phone +61 7 5595 3398 ++



Re: File system integrity checkers - comparison?

2002-12-04 Thread Olaf Meeuwissen
Johannes Graumann [EMAIL PROTECTED] writes:

> I'm looking at this triad:
>   Tripwire
>   Aide
>   Fcheck
> and was wondering as to what this group is preferring and why or
> whether there are other more trusted alternatives.

You might want to include integrit and samhain as well.  Maybe filetraq
too.

I'm using integrit, fcheck and filetraq on a fairly minimal internal
server running sarge.
  Integrit is fine, plenty of ways to customize it to your setup and I
use it with a daily cron job (I believe that's what the default setup
does, but I've mucked around with that).  These runs check the whole
system (in principle everything below /) quite thoroughly.
  Fcheck is not as flexible (I'm thinking of replacing it with aide
once I have some time) but I use it for a quick hourly check of the
more important stuff (/bin, /sbin, /lib and the /usr versions of
these).
  I used to have fcheck go over /etc as well, but am using filetraq
for that now.  The main advantage is that it will keep time-stamped
backups of all files so you can go back a version or more.  Drawback
is that you may have to clean out the backups occasionally.  What I
like most though, is that it sends you diffs(!) of the changes made
to any file monitored.  I think my setup checks every 10 minutes or
so for changes.

> My main argument against tripwire is its pseudo-commercial source.

If it ain't in main, it ain't debian :-P
-- 
Olaf Meeuwissen            EPSON KOWA Corporation, ECS
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
Penguin's lib!   -- I hack, therefore I am --   LPIC-2
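
The filetraq-style behaviour described in the message above (time-stamped backups of monitored files plus a diff of every change), sketched as an added example; it is not code from this thread or from filetraq itself. The function names, the backup naming scheme and the SHA-256 comparison are assumptions of this sketch.

```python
import difflib
import glob
import hashlib
import shutil
import time
from pathlib import Path

STAMP_GLOB = "[0-9]" * 14          # matches a %Y%m%d%H%M%S suffix only


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def _lines(path: Path):
    return path.read_text(errors="replace").splitlines(keepends=True)


def check_file(path, backup_dir, stamp=None) -> str:
    """Return '' if `path` matches its newest backup, else a unified diff.

    The first run stores a baseline copy; every later change stores a new
    time-stamped copy, so older versions stay recoverable.
    """
    path, backup_dir = Path(path), Path(backup_dir)
    # Backups can hold sensitive /etc content: keep the directory private.
    backup_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    key = str(path.resolve()).strip("/").replace("/", "%")
    stamp = stamp or time.strftime("%Y%m%d%H%M%S")
    copies = sorted(backup_dir.glob(glob.escape(key) + "." + STAMP_GLOB))
    last = copies[-1] if copies else None

    if not path.exists():
        return f"MISSING: {path}\n" if last else ""
    if last and _sha256(last) == _sha256(path):
        return ""
    shutil.copy2(path, backup_dir / f"{key}.{stamp}")
    if last is None:
        return ""                    # baseline stored, nothing to compare yet
    return "".join(difflib.unified_diff(
        _lines(last), _lines(path), fromfile=last.name, tofile=str(path)))


def check_tree(root, backup_dir, stamp=None) -> dict:
    """Check every regular file under `root`; map changed paths to diffs."""
    report = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and not p.is_symlink():
            diff = check_file(p, backup_dir, stamp)
            if diff:
                report[str(p)] = diff
    return report
```

Run from cron, a non-empty `check_tree("/etc", ...)` result is what would be mailed to the administrator; the backup directory should live outside the monitored tree and, like any checker's database, is only trustworthy if an intruder cannot rewrite it.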