Date: 11 Aug 2002 19:21:23 +0100
From: Stacey Roberts <stacey@Demon.vickiandstacey.com>
To: Randy Belk <rbelk@bccs.homeip.net>
Cc: sroberts@dsl.pipex.com, Volker Kindermann <freebsd@secspace.de>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: aide-0.7_1 docs?
Message-ID: <1029090085.38776.185.camel@Demon.vickiandstacey.com>
In-Reply-To: <20020811090900.T42163-100000@bccs.homeip.net>
References: <20020811090900.T42163-100000@bccs.homeip.net>
Hi Randy,

Great to hear those comments about Samhain. I take it you rate this above the others mentioned in this thread, then. I was thinking of going with something along the line of portsentry (for the network port monitoring) as well as something along the lines of (what I now believe) samhain.

Did the install / config go well? Are there any gotchas for FreeBSD 4.6 Stable that I should be aware of? I only ask because samhain is *not* mentioned in /usr/port/security

Stacey

On Sun, 2002-08-11 at 15:25, Randy Belk wrote:
> I have tried tripwire, aide, integrit, and a few others but the
> benefits of samhain are fantastic. It doesn't put a load on my
> Pentium/133, and it does real time fantastic. It can check my setup
> every 20-30 minutes.
>
> Benefits
> - md5's its own binary, and it checks it when it starts and stops
> - can log to a central logging server
> - md5's logs and emails
> - does real time suid checks
> - checks for logins and multiple logins
> - on linux it can check for kernel module rootkits
>
> and many more
>
> The only problem I have found with samhain is the logging. Since
> every log entry is md5'ed, the output is very weird. Also, there is
> not a daily email like aide and tripwire sends, it's real time remember.
>
>
>
> On 11 Aug 2002, Stacey Roberts wrote:
>
> > Hi Volker,
> > Thanks for your thoughts and suggestions. I've not looked at the
> > aide docs (as suggested by Dru earlier in the post), and it looks as if
> > I'll only be able to find the URL for the aide docs *after* installing
> > the thing - not happy with that!
> >
> > I'll take a look at samhain today - one thing, is it compatible with
> > FBSD 4.6Stable?
> >
> > Stacey
> >
> >
> >
> > On Sun, 2002-08-11 at 10:50, Volker Kindermann wrote:
> > > Hi Stacey,
> > >
> > > > I used to use tripwire, but found that it didn't *really* do what I
> > > > thought it would (which is provide real-time notification of intrusion
> > > > attempts / hacks).
> > >
> > > I know tripwire and I think it is not intended to do real-time monitoring. I don't know aide but I can imagine that it doesn't have real-time monitoring, too. Please correct me, if I'm wrong.
> > >
> > > Lately I found a tool called samhain (http://la-samhna.de/samhain/) that is able to run as a daemon and therefore does some kind of real-time monitoring. Perhaps you'll give it a try.
> > >
> > > HTH
> > > -volker
> > >
> > --
> > Stacey Roberts
> > B.Sc (HONS) Computer Science
> >
>
> --------------------------------------------------
> Microsoft: "Where would you like to go to today"
> Linux: "Where would you like to go tomorrow"
> BSD: "Hey,when are you guys going to catch up"
>
> The BSDway is the only way........................

--
Stacey Roberts
B.Sc (HONS) Computer Science
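An added illustration, not part of the original thread and not code from any of the tools named in it: the baseline-and-rescan check that the file integrity checkers discussed above are built around, including a check for newly gained setuid bits like the one in Randy's list. It hashes with SHA-256 rather than the MD5 the thread mentions, and the scratch directory and file names are constructed for the demo.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

SPECIAL = stat.S_ISUID | stat.S_ISGID  # bits that make a file run with its owner's rights

def snapshot(root):
    """Map each regular file under root to (SHA-256 digest, permission bits)."""
    db = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if stat.S_ISREG(st.st_mode):  # skip directories, symlinks, devices
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            db[str(path.relative_to(root))] = (digest, stat.S_IMODE(st.st_mode))
    return db

def compare(baseline, current):
    """Return (path, finding) pairs, sorted by path, describing drift from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            findings.append((path, "added"))
        elif path not in current:
            findings.append((path, "removed"))
        else:
            (old_hash, old_mode), (new_hash, new_mode) = baseline[path], current[path]
            if old_hash != new_hash:
                findings.append((path, "content changed"))
            if new_mode & ~old_mode & SPECIAL:
                findings.append((path, "setuid/setgid bit gained"))
            elif old_mode != new_mode:
                findings.append((path, "mode changed"))
    return findings

def demo():
    """Constructed scenario: baseline a scratch tree, alter it, then rescan."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ls", "ps", "motd"):  # constructed sample files
            Path(root, name).write_text("original " + name)
        baseline = snapshot(root)
        Path(root, "ps").write_text("replaced")  # content swapped
        Path(root, "ls").chmod(0o4755)           # setuid bit appears
        Path(root, "motd").unlink()              # file removed
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{finding}: {path}")
```

Run from cron or a sleep loop, the rescan gives the kind of 20-30 minute cadence described in the thread. The baseline has to be stored where an intruder cannot rewrite it, otherwise the comparison proves nothing.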
