Re: Problems with tripwire:
On Wed, Mar 13, 2002 at 04:31:01PM +0100, Michel Verdier wrote: Petro [EMAIL PROTECTED] a écrit : | The last match is used, try to switch these ones | | I did, that is the second. I'll try it again. In fact you have 3 /var statements, the order should refine matching like this : /var /var/log /var/log/ksymoops /var@@AW /var/log@@LOGSEARCH !/var/log/ksymoops/ It's now like this and it's still doing the same thing. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with tripwire:
On Wed, Mar 13, 2002 at 04:31:01PM +0100, Michel Verdier wrote: Petro [EMAIL PROTECTED] a ?crit : | The last match is used, try to switch these ones | | I did, that is the second. I'll try it again. In fact you have 3 /var statements, the order should refine matching like this : /var /var/log /var/log/ksymoops /var@@AW /var/log@@LOGSEARCH !/var/log/ksymoops/ It's now like this and it's still doing the same thing. -- Share and Enjoy.
Re: Problems with tripwire:
On Tue, Mar 12, 2002 at 08:59:08AM +0100, Martin Peikert wrote: Petro wrote: Is there a file-security scanner like tripwire (or like AIDE) that works across a network? I'm envisioning something that does local file scanning, then transmits the resulting table to a remote (more secure) host where the verification is done. Try samhain or freeveracity: http://samhain.sourceforge.net/surround.html?main_q.html2 This seems to be exactly what I'm looking for. These guys are paranoid. That is good. That stealth option looks...interesting. http://www.freeveracity.org/ GTi -- For encrypted messages please use my public key, key-ID: 0xA9E35B01 The fingerprint is A684 87F3 C7AA 9728 3C1B 85BF 0500 B2C7 A9E3 5B01 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with tripwire:
On Tue, Mar 12, 2002 at 08:57:40PM +0100, Michel Verdier wrote: Petro [EMAIL PROTECTED] a écrit : | !/var/log/ksymoops/ | /var/log@@LOGSEARCH | | Now, according to my understanding, the ! in front of /var/log/ksymoops/ | should be telling tripwire to ignore things under there, right? | | Obviously, it's not. The last match is used, try to switch these ones I did, that is the second. I'll try it again. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with tripwire:
Petro wrote: Is there a file-security scanner like tripwire (or like AIDE) that works across a network? I'm envisioning something that does local file scanning, then transmits the resulting table to a remote (more secure) host where the verification is done. Try samhain or freeveracity: http://samhain.sourceforge.net/surround.html?main_q.html2 http://www.freeveracity.org/ GTi -- For encrypted messages please use my public key, key-ID: 0xA9E35B01 The fingerprint is A684 87F3 C7AA 9728 3C1B 85BF 0500 B2C7 A9E3 5B01
Re: Problems with tripwire:
On Tue, Mar 12, 2002 at 08:59:08AM +0100, Martin Peikert wrote: Petro wrote: Is there a file-security scanner like tripwire (or like AIDE) that works across a network? I'm envisioning something that does local file scanning, then transmits the resulting table to a remote (more secure) host where the verification is done. Try samhain or freeveracity: http://samhain.sourceforge.net/surround.html?main_q.html2 This seems to be exactly what I'm looking for. These guys are paranoid. That is good. That stealth option looks...interesting. http://www.freeveracity.org/ GTi -- For encrypted messages please use my public key, key-ID: 0xA9E35B01 The fingerprint is A684 87F3 C7AA 9728 3C1B 85BF 0500 B2C7 A9E3 5B01 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Share and Enjoy.
Re: Problems with tripwire:
On Tue, Mar 12, 2002 at 08:57:40PM +0100, Michel Verdier wrote: Petro [EMAIL PROTECTED] a ?crit : | !/var/log/ksymoops/ | /var/log@@LOGSEARCH | | Now, according to my understanding, the ! in front of /var/log/ksymoops/ | should be telling tripwire to ignore things under there, right? | | Obviously, it's not. The last match is used, try to switch these ones I did, that is the second. I'll try it again. -- Share and Enjoy.
Re: Problems with tripwire:
Petro wrote: Is there a file-security scanner like tripwire (or like AIDE) that works across a network? I'm envisioning something that does local file scanning, then transmits the resulting table to a remote (more secure) host where the verification is done. Try samhain or freeveracity: http://samhain.sourceforge.net/surround.html?main_q.html2 http://www.freeveracity.org/ GTi -- For encrypted messages please use my public key, key-ID: 0xA9E35B01 The fingerprint is A684 87F3 C7AA 9728 3C1B 85BF 0500 B2C7 A9E3 5B01 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]