Also check out AIDE at http://www.cs.tut.fi/~rammer/aide.html. It is an
open source replacement for Tripwire.
JDF
>Robert Yelle wrote:
>
> Jamey Poirier wrote:
>
> > I would like to know how you can determine when you have been hacked?
> > My system was hacked once before and I managed to discover this by noticing
> > a lot of IRC traffic originating from my machine, and some hidden
> > directories, but I don't really know of a reliable way to discover if you
> > have been hacked.
> > Right now I am running RedHat 6.2, and using IPCHAINS, and it seems that
> > there is almost a continuous stream of attempted attacks. How do I
> > determine if they have been successful? I would also like to be able to
> > retaliate.
> >
>
> Jamey,
> check out Tripwire. http://www.tripwire.com/downloads/
> If you use it as a single instance and refrain from installing it on all
> your company's machines ( like only the firewall ) it is free.
> After you build a machine Tripwire takes a "snapshot " of everything (not just
> file size but byte for byte snapshot)
> Tripwire then senses any deviation (hack) and will inform you what has been
> altered and how to fix it.
> There is much more to Tripwire than a what quick mail message can explain....
> I merely point out that it is one possible answer to your question.
>
> Rob Yelle
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
