From: "Roger 'Rocky' Vetterberg"
To: Andrew Johns
Cc: freebsd-security@FreeBSD.ORG
Date: Mon, 15 Jul 2002 19:29:49 +0200
Subject: Re: Recommendations for filesystem integrity checkers?

Andrew Johns wrote:

> Roger 'Rocky' Vetterberg wrote:
>
> > Lupe Christoph wrote:
> >
> >> Hi!
> >>
> >> Which filesystem integrity checkers do people use? I've
> >> found ports for aide, cksfv, integrit, l5, three versions
> >> of tripwire and yafic. (Feel free to point me to the ones
> >> I overlooked.) I did not find ports for fcheck and samhain
> >> (found on Debian).
> >>
> >> Since I don't have the time to assess them all, I would
> >> like to tap the collective experience of the FreeBSD
> >> security people.
> >>
> >> So which do you use, and why?
> >>
> >> Thanks for your time,
> >> Lupe Christoph
> >
> > Personally, I use aide. It's lightweight, easy to configure
> > and automate via scripts and it does exactly what I want it to
> > do.
>
> Are you using aide-0.8 or 0.7? I've seen people have problems
> with 0.8 getting gcrypt operating (including myself although I
> haven't yet had the time to delve in and find the actual problem).
>
> If you've succeeded with 0.8, what magic incantation did you need
> to get gcrypt to compile?
>
> Thanks
> AJ

aide -v
Aide, version 0.7

Compiled with the following options

WITH_MHASH
CONFIG_FILE = "/etc/aide.conf"

This was compiled and configured probably a year ago, and has been
working flawlessly since then.

--
R