Date: Sun, 11 Aug 2002 09:25:26 -0500 (CDT)
From: Randy Belk <rbelk@bccs.homeip.net>
To: sroberts@dsl.pipex.com
Cc: Volker Kindermann <freebsd@secspace.de>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: aide-0.7_1 docs?
Message-ID: <20020811090900.T42163-100000@bccs.homeip.net>
In-Reply-To: <1029061905.38776.139.camel@Demon.vickiandstacey.com>

I have tried tripwire, aide, integret, and a few others but the benefits of
samhain are fantastic. It doesn't put a load on my Pentium/133, and it does
real time fantastic. It can check my setup every 20-30 minutes.

Benefits
- md5's its own binary, and it checks it when it starts and stops
- can log to a central logging server
- md5's logs and emails
- does real time suid checks
- checks for logins and multiple logins
- on linux it can check for kernel module rootkits
and many more

The only problem I have found with samhain is the logging. Since every log
entry is md5'ed, the output is very weird. Also, there is not a daily email
like aide and tripwire sends, it's real time, remember.

On 11 Aug 2002, Stacey Roberts wrote:

> Hi Volker,
>    Thanks for your thoughts and suggestions. I've not looked at the
> aide docs (as suggested by Dru earlier in the post), and it looks as if
> I'll only be able to find the URL for the aide docs *after* installing
> the thing - not happy with that!
>
> I'll take a look at samhain today - one thing, is it compatible with
> FBSD 4.6Stable?
>
> Stacey
>
> On Sun, 2002-08-11 at 10:50, Volker Kindermann wrote:
> > Hi Stacey,
> >
> > > I used to use tripwire, but found that it didn't *really* do what I
> > > thought it would (which is provide real-time notification of intrusion
> > > attempts / hacks).
> >
> > I know tripwire and I think it is not intended to do real-time
> > monitoring. I don't know aide but I can imagine that it doesn't have
> > real-time monitoring, too. Please correct me, if I'm wrong.
> >
> > Lately I found a tool called samhain (http://la-samhna.de/samhain/)
> > that is able to run as a daemon and therefore does some kind of
> > real-time monitoring. Perhaps you'll give it a try.
> >
> > HTH
> >  -volker
> >
> --
> Stacey Roberts
> B.Sc (HONS) Computer Science
>

--------------------------------------------------
Microsoft: "Where would you like to go to today"
Linux: "Where would you like to go tomorrow"
BSD: "Hey, when are you guys going to catch up"
The BSDway is the only way........................

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message