Hey folks...

> On Tuesday 29 June 2004 07:10 pm, Lewis Perdue wrote:
> > Back when our server was originally cracked, someone suggested that we look
> > at tripwire to monitor things once we had a clean install ... well, we've
> > got a clean install, but our investigation of Tripwire shows a GIANT
> > corporate Dilbert empire with layer upon layer of obfuscation and a set of
> > sticky hurdles to clear before even getting an evaluation unit ... they
> > boast of being able to monitor 2,500 servers, but Geez, folks how about
> > something for one or two servers?
>
> I thought tripwire was GPL?
>
> http://sourceforge.net/projects/tripwire/
>
> > Isn't there an open-source alternative for this bloatware poster child?
> > Even something that does a simple checksum kinda thing on key system and
> > .conf files would be welcome.
>
> If you go to freshmeat.net and enter "intrusion detection"
> into the search box you'll see a ton of choices. Perhaps
> someone else has specific recommendations....

Yeah...the bonus of commercial tripwire over GPL tripwire is wider OS support (commercial supports Windows natively), and a monitoring console. However, the Tripwire commercial console can be replaced using Prelude, an Open Source Hybrid IDS that can poll data from multiple sources and consolidate it into a single console, and that way you can use pure GPL tripwire.

Right now Prelude natively supports Snort, Samhain (which is a FIC/File Integrity Checker that fulfills your needs above), Nessus, and some other stuff. Additionally, many things that can log to syslog have support via the Prelude LML (Log Management Lackey). Here's a directory listing of the current rulesets:

apc-emu.rules       ipfw.rules         pam.rules           ssh.rules
bigip.rules         ipso.rules         pcanywhere.rules    sudo.rules
cisco-pix.rules     Makefile           portsentry.rules    tripwire.rules
cisco-router.rules  Makefile.am        postfix.rules       unsupported
cisco-vpn.rules     Makefile.in        proftpd.rules       vigor.rules
clamav.rules        modsecurity.rules  qpopper.rules       vpopmail.rules
contrib             ms-sql.rules       sendmail.rules      wap11.rules
dell-om.rules       nagios.rules       shadow-utils.rules  webmin.rules
grsecurity.rules    navce.rules        simple.rules        wu-ftp.rules
honeyd.rules        netfilter.rules    single.rules
ipchains.rules      ntsyslog.rules     squid.rules

In short, Prelude is an excellent event consolidator/Hybrid IDS solution. Anyone serious about Open Source security should probably have a look at it at some point or another:

http://www.prelude-ids.org

Gene R Gomez

_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
