Date: Sun, 7 Dec 2003 12:45:21 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@freebsd.org
Subject: Re: possible compromise or just misreading logs
Message-ID: <20031207204521.195E9DAC92@mx7.roble.com>
In-Reply-To: <20031207200130.C4B1216A4E0@hub.freebsd.org>
References: <20031207200130.C4B1216A4E0@hub.freebsd.org>

> Second, what are people using for intrusion detection? This is something I
> have thought about but never really thought I needed until now.

No production environment should be without Tripwire (1.3 is my favorite version). With the right wrapper script <http://www.roble.com/docs/twcheck> and off-line backups it's impossible to compromise a system without being detected. Nothing beats the relief you'll feel when tripwire gives your system a clean bill of health after finding some suspicious logs.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/