> In what sense? Logging to syslog/email/external database and signing the
Bringing machine to knees seems pretty intrusive to me.
Samhain runs as deamon, and IIRC it scans running processes and does other
things in effort to detect trojans and lkms. This activity used to boost
idle load avg fro
On Mon, Feb 23, 2004 at 12:50:27PM +0100, Dariush Pietrzak wrote:
> > samhain (in unstable, should be easy to backport) which has some
> > interesting features.
> And those interesting features should make you cautious before you deploy
> samhain in production environment. I find it rather intrusi
> In what sense? Logging to syslog/email/external database and signing the
Bringing machine to knees seems pretty intrusive to me.
Samhain runs as deamon, and IIRC it scans running processes and does other
things in effort to detect trojans and lkms. This activity used to boost
idle load avg fro
On Mon, Feb 23, 2004 at 12:50:27PM +0100, Dariush Pietrzak wrote:
> > samhain (in unstable, should be easy to backport) which has some
> > interesting features.
> And those interesting features should make you cautious before you deploy
> samhain in production environment. I find it rather intrusi
> samhain (in unstable, should be easy to backport) which has some
> interesting features.
And those interesting features should make you cautious before you deploy
samhain in production environment. I find it rather intrusive.
--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E
On Mon, Feb 23, 2004 at 10:42:05AM +0100, Jan Lühr wrote:
> Greetings,
>
> well, I looking for an open source intrusion detection. At first, tripwire
> caputures my attention, but the last open source version seems to be three
> years old - is it still in development or badly vulnerable?
> Then
Also see this page for a useful comparison between AIDE and tripwire:
http://www.fbunet.de/aide.shtml
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
> I did a survey of intergity checkers. I didn't find bsign then, but
I'd vote against bsign - it modifies original binaries, thus rendering
debian md5 sums useless. ( It would be great if one could get packages with
bsign-signed binaries, signed by DDs or release team ).
I prefer integrit it's v
Hello,
Actually Im using Integrit with Coda. I store the binary and the database on a
read only coda mount (you can't mount it rw unless you know the coda password),
and its really fast and reliable. So my vote is Integrit, btw you should check
all of them and then make a decision for you needs
On Monday, 2004-02-23 at 10:42:05 +0100, Jan Lühr wrote:
> well, I looking for an open source intrusion detection. At first, tripwire
> caputures my attention, but the last open source version seems to be three
> years old - is it still in development or badly vulnerable?
> Then I searched for
> samhain (in unstable, should be easy to backport) which has some
> interesting features.
And those interesting features should make you cautious before you deploy
samhain in production environment. I find it rather intrusive.
--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E
I have used AIDE (Advanced Intrusion Detection Environment) both in production
use and when I've been an instructor on unix security courses I've made the
students learn to use it, because it's really simple and easy to use. Even
though it's quite simple, I don't see it lacking anything importan
On Mon, Feb 23, 2004 at 10:42:05AM +0100, Jan Lühr wrote:
> Greetings,
>
> well, I looking for an open source intrusion detection. At first, tripwire
> caputures my attention, but the last open source version seems to be three
> years old - is it still in development or badly vulnerable?
> Then
Also see this page for a useful comparison between AIDE and tripwire:
http://www.fbunet.de/aide.shtml
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject o
> I did a survey of intergity checkers. I didn't find bsign then, but
I'd vote against bsign - it modifies original binaries, thus rendering
debian md5 sums useless. ( It would be great if one could get packages with
bsign-signed binaries, signed by DDs or release team ).
I prefer integrit it's v
Hello,
Actually Im using Integrit with Coda. I store the binary and the database on a read
only coda mount (you can't mount it rw unless you know the coda password), and its
really fast and reliable. So my vote is Integrit, btw you should check all of them and
then make a decision for you needs
On Monday, 2004-02-23 at 10:42:05 +0100, Jan Lühr wrote:
> well, I looking for an open source intrusion detection. At first, tripwire
> caputures my attention, but the last open source version seems to be three
> years old - is it still in development or badly vulnerable?
> Then I searched for t
I have used AIDE (Advanced Intrusion Detection Environment) both in production use and
when I've been an instructor on unix security courses I've made the students learn to
use it, because it's really simple and easy to use. Even though it's quite simple, I
don't see it lacking anything importan
18 matches
Mail list logo