Date: Sun, 11 Aug 2002 09:11:20 -0400 (EDT)
From: Dru
To: sroberts@dsl.pipex.com
Cc: FreeBSD, FreeBSD Questions
Subject: Re: aide-0.7_1 docs?

On 11 Aug 2002, Stacey Roberts wrote:

> I've just had a read through the manual included in your earlier post.
>
> Unfortunately, there's no mention of any real-time detection / reporting
> functionality / config options in aide. And from the line: "After a
> break-in, an administrator may begin by examining the system using
> system tools like ls, ps, netstat, and who --- the very tools most
> likely to be trojaned.", I'm not sure that this is what I'm looking for
> here - doesn't appear to offer any real-time detection / reporting of an
> ongoing intrusion attempt
>
> I've sent an e-mail to rammer requesting further information on aide,
> which hopefully will lead to a more informed decision on aide.
>
> It's good of you all to get back to me. At this point, I am beginning to
> believe that maybe I'm thinking of *something else* here, when I say
> Intrusion Detection System. Feel free to correct me if I'm heading down
> the wrong search path here.

Sounds like you're thinking more along the lines of "snort" or
"portsentry".

Dru