From: Stacey Roberts
Reply-To: sroberts@dsl.pipex.com
To: FreeBSD
Cc: FreeBSD Questions
Subject: Re: aide-0.7_1 docs?
Date: 11 Aug 2002 13:56:18 +0100

I've just had a read through the manual included in your earlier post. Unfortunately, there's no mention of any real-time detection / reporting functionality / config options in aide.
And from the line: "After a break-in, an administrator may begin by examining the system using system tools like ls, ps, netstat, and who --- the very tools most likely to be trojaned.", I'm not sure that this is what I'm looking for here - doesn't appear to offer any real-time detection / reporting of an ongoing intrusion attempt.

I've sent an e-mail to rammer requesting further information on aide, which hopefully will lead to a more informed decision on aide.

It's good of you all to get back to me. At this point, I am beginning to believe that maybe I'm thinking of *something else* here, when I say Intrusion Detection System.

Feel free to correct me if I'm heading down the wrong search path here.

Stacey

On Sun, 2002-08-11 at 13:15, FreeBSD wrote:
> Is this what you are looking for?
> http://www.cs.tut.fi/~rammer/aide/manual.html
>
> Darren

--
Stacey Roberts B.Sc (HONS) Computer Science