On Wed, 19 Mar 2008 13:02:48 EDT, Steve Grubb said:
> files. In order for the IDS system to be able to distinguish an open of a
> watched file from an open of a *special* watched file that an alert should be
> sent for, I'd like to propose a standard way of alerting the IDS that this
> record needs additional scrutiny.

Why do we need special handling for something the IDS should be able to do for itself? If your IDS system doesn't already have a copy of the list of "special" watched files, you have *bigger* problems.
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
