From: "Robin S. Socha"
Date: 01 Dec 2000 18:33:58 +0100
To: security@FreeBSD.ORG
Subject: Re: IDS
References: <200012011438.eB1EcHO47163@cwsys.cwsent.com>
In-Reply-To: <200012011438.eB1EcHO47163@cwsys.cwsent.com>
Organization: Trial By Combat
Sender: owner-freebsd-security@FreeBSD.ORG

* Cy Schubert writes:

> An IDS like tripwire or aide will help in this department. Of course
> there are limitations, e.g. rootkits that install themselves as kernel
> mods, and there are extra things that need to be done to improve tripwire's
> or aide's ability to withstand database corruption, but it is better
> than doing nothing at all.

Just out of curiosity: Linux has LIDS at http://www.lids.org/ - is there an
equivalent to that for FreeBSD?

-- 
Robin S. Socha