Just to add another one file-change-detection tool:
http://www.freeveracity.org/
--Bruce
Benjamin Scott wrote:
>
> On Wed, 1 Nov 2000, Kurth Bemis wrote:
> >> Does anyone know how to clean the Zombie off of their server?
> >
> > install AIDE - its on freshmeat. i did....and it's helped me a lot...
>
> It is worth stressing that, while an IDS (Intrusion Detection System) is a
> great idea, it is not going to help you recover from a compromise if you
> didn't have it setup beforehand.
>
> IDSes available include Tripwire, AIDE, and LIDS.
>
> Tripwire was one of the first, and has been very popular in commercial Unix
> circles. It recently went Open Source under the GPL, which surprised me; I
> expected a more restrictive license. http://www.tripwire.com is the
> commercial home, http://www.tripwire.org is the Open Source home, and
> http://sourceforge.net/projects/tripwire is the Open Source development home.
>
> AIDE stands for Advanced Intrusion Detection Environment. It is (was?)
> designed to be an Open Source replacement for Tripwire, and has some nice
> features. GPL. http://www.cs.tut.fi/~rammer/aide.html
>
> LIDS (Linux Intrusion Detection System) is a bit more then just an IDS. It
> aims to actually make it harder for an attacker to subvert the system. The
> general idea is that you establish the system in the configuration you want,
> and then use LIDS to freeze it in place, such that even the administrator
> cannot modify the system without taking special actions (like booting from
> removable media). http://www.lids.org
>
> Note that I'm not endorsing any particular product here. Evaluate and make
> your own decisions. :-)
>
> HTH,
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
