On Sun, 28 Jul 2002 14:18:54 -0500 "J. Craig Woods" <[EMAIL PROTECTED]> wrote:
> James Sparenberg wrote:
> >
> > David
> >
> > If you find Tripwire a bit much to install you might look
> > at Snort (from freshmeat) it's a little less of a hassle to
> > install and is on par with the free version of TripWire.
> >
> > James
> >
>
> Apples and oranges: they are two *completely* different
> programs. Snort is an NIDS, and tripwire is a current image of
> your filesystem. Snort (intended purpose) is to show you how the
> cracker got in but will not stop him/her from getting in
> (obviously, to stop intrusions is a function of your firewall
> and related protective measures). Tripwire (intended purpose)
> will show you where the cracker went and what he/she did on your
> system. I would never consider running a network connected to
> the internet without both of these tools installed, configured,
> and humming along, as well as *ALL* the other elements in place
> too...
>
> BTW there are mandrake rpm's for both snort and tripwire
> (rpmfind.net).
>
> drjung

DrJung,

You are again, as you very often are, correct. However, I suggested Snort because it is a possible intrusion that he has, not just a changed file. Tripwire doesn't tell you, for example, where the intruder is coming from. I find this to be a lot more useful than just knowing that something changed.

The idea of using both is worthy of a thought. But being the paranoid I am, I usually just pull the drive and do a postmortem, wipe it and start over. Why? Because although Tripwire tells me what has changed in the files it checks, it doesn't tell me what changed in the files it doesn't check or didn't exist before.

This is by the way where I find partimage to be very useful. Just image a partition before connecting the box to the world and after it runs the way I like, then if anything does happen...... wipe and restore from images... much faster than a full install. And hackers have a hard time editing things they can't find.... like in my office safe.

James
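
The coverage gap raised in the reply above (an integrity check reports only on the files it was told to watch) can be seen in a small model. This Python sketch is an added example, not part of the original messages and not Tripwire's code; the `policy` prefixes, the helper names and the sample tree are constructed for illustration.

```python
import hashlib
import pathlib
import tempfile

def snapshot(root, policy=None):
    """Return {relative_path: sha256}; policy = watched path prefixes (assumed model)."""
    result = {}
    for path in sorted(pathlib.Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink() or not path.is_file():
            continue  # hash regular files only
        if policy and not rel.startswith(tuple(policy)):
            continue  # outside the policy: never hashed, never compared
        result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result

def compare(baseline, current):
    """Classify the differences between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def write(root, rel, data):
    path = pathlib.Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    """Constructed tree: a policy-limited check beside a full-tree check."""
    policy = ("etc/", "bin/")
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/passwd", b"root:x:0:0\n")
        write(root, "bin/ls", b"original")
        write(root, "home/user/notes", b"v1")
        base_policy, base_full = snapshot(root, policy), snapshot(root)
        # Constructed changes made after the baselines were taken.
        write(root, "bin/ls", b"replaced")
        write(root, "home/user/notes", b"v2")
        write(root, "var/tmp/new-file", b"did not exist before")
        limited = compare(base_policy, snapshot(root, policy))
        full = compare(base_full, snapshot(root))
    return limited, full

if __name__ == "__main__":
    print(demo())
```

The policy-limited report lists only `bin/ls`; the full-tree report also shows the modified file and the new file outside the watched prefixes, which is the difference a restore from a known-good image sidesteps.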
