Matthew Rosewarne on 1 Jun 2008 14:01:21 -0700



Re: [PLUG] "tripewire" clones (fcheck)


On Sunday 01 June 2008, JP Vossen wrote:
> Anyone else have stories or suggestions to share?

I'm a big fan of debsums with the "tiger" package, which includes a cron 
script to check all files installed from packages.  It doesn't cover any 
files other than what the package manager installs, which means you can use 
another HIDS set only to watch non-system stuff.  That way, updates don't set 
off your HIDS. 

On my desktop machine, I run debsums only.  I back up $HOME with rdiff-backup,
which shows me if any files were changed.

For more substantial setups, the Prelude system looks interesting, though it 
currently only supports OSSEC and Samhain.

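The split described in the message above, as an added example that is not part of the original post and is not debsums' own code: files listed in dpkg-style `.md5sums` manifests are verified against their recorded hashes, and everything else is reported as the set left for a second HIDS. The function names and the sample tree are constructed for illustration; on a real Debian system the manifests live in /var/lib/dpkg/info.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path):
    # MD5 because that is what dpkg's .md5sums manifests record.
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def load_manifests(info_dir):
    """Map relative path -> expected MD5 from every <package>.md5sums file."""
    owned = {}
    for manifest in sorted(Path(info_dir).glob("*.md5sums")):
        for line in manifest.read_text().splitlines():
            digest, sep, rel = line.partition("  ")  # "<md5>  <path without leading />"
            if sep and rel:
                owned[rel] = digest
    return owned

def audit(root, info_dir):
    """Return (changed, missing, unowned) lists of paths relative to root."""
    root = Path(root)
    owned = load_manifests(info_dir)
    changed, missing = [], []
    for rel, digest in sorted(owned.items()):
        target = root / rel
        if not target.is_file():
            missing.append(rel)
        elif md5_of(target) != digest:
            changed.append(rel)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    # Files no package claims: the set left for a second HIDS to watch.
    return changed, missing, sorted(on_disk - set(owned))

def demo():
    """Build a constructed tree, tamper with one packaged file, and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root, info = Path(tmp, "root"), Path(tmp, "info")
        info.mkdir()
        files = {"usr/bin/tool": b"tool v1\n", "usr/lib/libtool.so": b"lib v1\n",
                 "usr/local/bin/custom.sh": b"#!/bin/sh\n"}  # last one is not packaged
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        # Constructed manifest; the README entry is listed but absent on disk.
        packaged = ["usr/bin/tool", "usr/lib/libtool.so", "usr/share/doc/tool/README"]
        lines = [f"{hashlib.md5(files.get(rel, b'doc')).hexdigest()}  {rel}" for rel in packaged]
        (info / "tool.md5sums").write_text("\n".join(lines) + "\n")
        (root / "usr/bin/tool").write_bytes(b"tool v1 (modified)\n")  # simulated change
        return audit(root, info)

if __name__ == "__main__":
    print(demo())
```
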

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug