Tripwire IDS useful? I'm thinking of dumping it after many years...
Tracy R Reed
treed at ultraviolet.org
Tue Aug 22 14:21:54 PDT 2006
chris at seberino.org wrote:
> Since I'm always installing updates
> on my Debian box, Tripwire IDS is daily reminding me of
> changes to my PC that require updating Tripwire box.
Oh, another thing I do: On our production machines at work cfengine
monitors the md5sums of critical binary files and alerts me once (and
only once) when it changes and then computes and stores the new
checksum. So it alerts me when things change but takes care of itself
from then on. Sure, one could still theoretically modify the cfengine
binary on the machine to report the correct checksum. In practice I have
never heard of that happening. I am more interested in protecting us
from the automated attacks which install spam relays and bot networks
than I am from the real professionals who would do such a complicated
custom job as to notice and fix cfengine not to reveal their changes.
--
Tracy R Reed http://ultraviolet.org
A: Because we read from top to bottom, left to right
Q: Why should I start my reply below the quoted text
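
The alert-once-then-re-baseline behaviour described in the message above, as an added Python sketch (not code from the post and not cfengine's own implementation). It uses SHA-256 in place of MD5; the function names, the JSON baseline file and the sample file are assumptions made for illustration.

```python
import hashlib, json, os, tempfile

def digest(path):
    """SHA-256 of a file, read in chunks; None if the file is missing."""
    try:
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()
    except FileNotFoundError:
        return None

def check(paths, baseline_file):
    """Report each change once, then accept the new hash as the baseline."""
    try:
        with open(baseline_file) as f:
            baseline = json.load(f)
    except FileNotFoundError:
        baseline = {}                      # first run: nothing recorded yet
    alerts = []
    for p in paths:
        new, old = digest(p), baseline.get(p)
        if new == old:
            continue                       # unchanged (or still absent): stay silent
        kind = "added" if old is None else "removed" if new is None else "changed"
        alerts.append((p, kind))
        if new is None:
            baseline.pop(p, None)
        else:
            baseline[p] = new              # re-baseline so the alert fires only once
    # Write atomically so an interrupted run cannot leave a truncated baseline.
    tmp = baseline_file + ".tmp"
    with open(tmp, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)
    os.replace(tmp, baseline_file)
    return alerts

def demo():
    """Constructed sample: a temp file stands in for a monitored binary."""
    with tempfile.TemporaryDirectory() as d:
        target, db = os.path.join(d, "sshd"), os.path.join(d, "baseline.json")
        with open(target, "wb") as f:
            f.write(b"original build")
        first = check([target], db)        # first sighting is recorded
        with open(target, "wb") as f:
            f.write(b"modified build")
        return first, check([target], db), check([target], db)

if __name__ == "__main__":
    print(demo())
```

Because the baseline file and the checker both live on the monitored host, this has the same limitation the message acknowledges: whoever can modify the binaries can also modify the checker or its stored hashes.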