From owner-freebsd-questions Sat Oct 16 14:28:51 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from dt050n71.san.rr.com (dt050n71.san.rr.com [204.210.31.113])
    by hub.freebsd.org (Postfix) with ESMTP id 6BE3314CE7
    for ; Sat, 16 Oct 1999 14:28:48 -0700 (PDT)
    (envelope-from Doug@gorean.org)
Received: from gorean.org (master [10.0.0.2])
    by dt050n71.san.rr.com (8.9.3/8.8.8) with ESMTP id OAA67882;
    Sat, 16 Oct 1999 14:28:45 -0700 (PDT)
    (envelope-from Doug@gorean.org)
Message-ID: <3808EE0D.CAED84F7@gorean.org>
Date: Sat, 16 Oct 1999 14:28:45 -0700
From: Doug
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 4.0-CURRENT-0927 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Alan Krantz
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Best way to detect break in
References: <199910161926.PAA02960@electron.mathcs.emory.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Alan Krantz wrote:
>
> What is the best way to detect a break in? For example, is there a program
> that will make a checksum of all system software and then compare current
> checksum to this checksum (as well as other useful checks)?

Yes, tripwire does exactly what you want, is free and there is a port
for it. For commercial level solutions you should take a look at Network
Flight Recorder.

> I'm not on this mailing list - not sure if that makes a difference with
> regards to getting responses.

It doesn't. Long-standing public mailing list tradition is to respond
to the poster and cc: the list.

> I did look on freebsd.org/security and
> while they gave hints as to what to do if you detect a break in they
> didn't really discuss the art of detecting a clever break in...

Depending on what environment you're in you might want to invest in
some good books on system administration. For FreeBSD specific knowledge
"The Complete FreeBSD" is your best bet, available from WC Archive, and
lots of other places. For more general topics "Essential System
Administration" from O'Reilly is indispensable.

Good luck,

Doug
--
"Stop it, I'm gettin' misty."

- Mel Gibson as Porter, "Payback"
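
Added example (not part of the original message, and not tripwire's code): a minimal Python sketch of the baseline-and-compare check asked about above, recording a SHA-256 digest plus mode and ownership for each file and reporting what changed since the baseline. The function names and the JSON baseline format are assumptions made for this illustration.

```python
import hashlib
import json
import os
import stat

def snapshot(root):
    """Map relative path -> (digest, permission bits, uid, gid) under root."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                digest = "link:" + os.readlink(path)  # a retargeted link counts as a change
            elif stat.S_ISREG(st.st_mode):
                h = hashlib.sha256()
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(1 << 16), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            else:
                continue  # real directories, devices, FIFOs, sockets are not recorded
            # S_IMODE keeps the setuid/setgid/sticky bits, so a new setuid bit shows up
            snap[os.path.relpath(path, root)] = (
                digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap

def save(snap, baseline_file):
    with open(baseline_file, "w") as f:
        json.dump(snap, f, indent=1, sort_keys=True)

def load(baseline_file):
    with open(baseline_file) as f:
        return {path: tuple(entry) for path, entry in json.load(f).items()}

def compare(baseline, current):
    """Classify every path that differs between the two snapshots."""
    report = {"added": [], "removed": [], "content": [], "metadata": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path][0] != current[path][0]:
            report["content"].append(path)
        elif baseline[path][1:] != current[path][1:]:
            report["metadata"].append(path)  # same bytes, different mode or owner
    return report
```

The comparison is only as trustworthy as the baseline file and the tool doing the hashing, so both belong on read-only or offline media rather than on the host being checked.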