Matthew Rosewarne on 1 Jun 2008 14:01:21 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] "tripewire" clones (fcheck)

On Sunday 01 June 2008, JP Vossen wrote:
> Anyone else have stories or suggestions to share?

I'm a big fan of debsums with the "tiger" package, which includes a cron 
script to check all files installed from packages.  It doesn't cover any 
files other than what the package manager installs, which means you can use 
another HIDS set only to watch non-system stuff.  That way, updates don't set 
off your HIDS. 

On my desktop machine, I run debsums only.  I back up $HOME with rdiff-backup. 
which shows me if any files were changed.

For more substantial setups, the Prelude system looks interesting, though it 
currently only supports OSSEC and Samhain.

Attachment: signature.asc
Description: This is a digitally signed message part.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --