From owner-freebsd-security Fri Jun 15 7:47:41 2001 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id C3E1137B406 for ; Fri, 15 Jun 2001 07:47:29 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA07718 for ; Fri, 15 Jun 2001 07:47:29 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda07716; Fri Jun 15 07:47:25 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.4/8.9.1) id f5FElKR00674 for ; Fri, 15 Jun 2001 07:47:20 -0700 (PDT) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdpkB666; Fri Jun 15 07:46:51 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.4/8.9.1) id f5FEjP900945 for ; Fri, 15 Jun 2001 07:45:25 -0700 (PDT) Message-Id: <200106151445.f5FEjP900945@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdLJX930; Fri Jun 15 07:45:12 2001 X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert Cc: freebsd-security@FreeBSD.ORG Subject: Re: tripwire In-reply-to: Your message of "Wed, 13 Jun 2001 10:14:16 CDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 15 Jun 2001 07:45:12 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message , "Stephen Hilton " writes: > Dear Mr. Schubert > > Regarding your post about the tripwire port, I think this is a good idea > in that some feedback could be obtained regarding the policy file setup. > > I have been using aide 0.7 on my systems and was interested if the "list" > thinks this is a "solid" enough solution for integrity checking? I am aware > that aide is a memory hog, but the systems I administer are used primarily > during business hours, so aide can be run at night without user performance > impact. > > Thanks for all your FreeBSD and IPFilter support, > > Sincerely, > > Stephen Hilton > nospam@hiltonbsd.com > Thank you for your kind words. Sorry for the late reply. I've fallen behind on reading my security & FreeBSD mailing lists mailbox, over 400 emails. Just not enough time in the day any more. :( I've used both Tripwire and Aide, and I maintain the FreeBSD tripwire-131 and aide ports. My preference so far has been Tripwire because of its interactive option. Other than that and taking into account some what I might consider relatively minor differences when viewed at from the 35,000 ft. level, the two packages are quite similar in function. Version 1 of Tripwire, especially 1.2, does not manage its memory all that well either. The folks at Tripwiresecurity have told me that version 2 greatly improves its memory management allowing one to monitor greater numbers of files. I've hit the wall, so to speak, with number of files monitored by Tripwire-1.3.1. The Tripwire-2.3.1 port, once complete, should resolve that issue for me. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message