From owner-freebsd-questions Sun Aug 11 7:25:40 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C42637B400 for ; Sun, 11 Aug 2002 07:25:37 -0700 (PDT)
Received: from bccs.homeip.net (cs164200-24.jam.rr.com [24.164.200.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id CBB7B43E5E for ; Sun, 11 Aug 2002 07:25:36 -0700 (PDT) (envelope-from rbelk@bccs.homeip.net)
Received: by bccs.homeip.net (Postfix, from userid 1001) id 19ACB13237D; Sun, 11 Aug 2002 09:25:27 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by bccs.homeip.net (Postfix) with ESMTP id 05384132312; Sun, 11 Aug 2002 09:25:26 -0500 (CDT)
Date: Sun, 11 Aug 2002 09:25:26 -0500 (CDT)
From: Randy Belk
To: sroberts@dsl.pipex.com
Cc: Volker Kindermann , FreeBSD Questions
Subject: Re: aide-0.7_1 docs?
In-Reply-To: <1029061905.38776.139.camel@Demon.vickiandstacey.com>
Message-ID: <20020811090900.T42163-100000@bccs.homeip.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

I have tried tripwire, aide, integrit, and a few others, but the benefits of samhain are fantastic. It doesn't put a load on my Pentium/133, and it does real time fantastically. It can check my setup every 20-30 minutes.

Benefits
- md5's its own binary, and checks it when it starts and stops
- can log to a central logging server
- md5's logs and emails
- does real-time suid checks
- checks for logins and multiple logins
- on linux it can check for kernel module rootkits
and many more

The only problem I have found with samhain is the logging. Since every log entry is md5'ed, the output is very weird. Also, there is not a daily email like aide and tripwire send; it's real time, remember.

On 11 Aug 2002, Stacey Roberts wrote:

> Hi Volker,
> Thanks for your thoughts and suggestions. I've not looked at the
> aide docs (as suggested by Dru earlier in the post), and it looks as if
> I'll only be able to find the URL for the aide docs *after* installing
> the thing - not happy with that!
>
> I'll take a look at samhain today - one thing, is it compatible with
> FBSD 4.6Stable?
>
> Stacey
>
>
>
> On Sun, 2002-08-11 at 10:50, Volker Kindermann wrote:
> > Hi Stacey,
> >
> > > I used to use tripwire, but found that it didn't *really* do what I
> > > thought it would (which is provide real-time notification of intrusion
> > > attempts / hacks).
> >
> > I know tripwire and I think it is not intended to do real-time monitoring. I don't know aide, but I can imagine that it doesn't have real-time monitoring either. Please correct me if I'm wrong.
> >
> > Lately I found a tool called samhain (http://la-samhna.de/samhain/) that is able to run as a daemon and therefore does some kind of real-time monitoring. Perhaps you'll give it a try.
> >
> > HTH
> > -volker
>
> --
> Stacey Roberts
> B.Sc (HONS) Computer Science
>

--------------------------------------------------
Microsoft: "Where would you like to go to today"
Linux: "Where would you like to go tomorrow"
BSD: "Hey, when are you guys going to catch up"
The BSDway is the only way........................

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
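The checks Randy lists (hashing files, watching for new setuid bits, hashing the log entries themselves) are the core of every tool named in this thread, whether it runs once a day like tripwire or aide or from a daemon every 20-30 minutes like samhain. The following is an added example, not code from the thread or from tripwire, aide, integrit or samhain: a minimal baseline-and-compare integrity checker in Python that records a SHA-256 digest, mode and size for every regular file under a directory, reports added, removed, modified and newly setuid files, and tags each report line with an HMAC so tampering with the report is detectable. The sample tree, file names, event names and the HMAC key are all constructed for the demo; a real deployment would keep the baseline and key off the monitored host, and samhain's "real time" is just this comparison repeated from a daemon.

```python
"""Minimal tripwire/aide/samhain-style integrity check (added example, not
code from any of those tools). Builds a baseline of (sha256, mode, size)
per regular file, diffs a later scan against it, and HMAC-tags each report
line so a tampered report fails verification."""
import hashlib
import hmac
import os
import stat
import tempfile

DEMO_KEY = b"constructed-demo-key"          # constructed; keep a real key off-host
SETID_BITS = stat.S_ISUID | stat.S_ISGID

def file_record(path):
    """Return (sha256 hex digest, permission bits, size) for one regular file."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return (h.hexdigest(), stat.S_IMODE(st.st_mode), st.st_size)

def build_baseline(root):
    """Map every regular file under root (path relative to root) to its record."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(full).st_mode):    # skip symlinks, devices, sockets
                baseline[os.path.relpath(full, root)] = file_record(full)
    return baseline

def compare(baseline, current):
    """Return (event, relpath) pairs describing how current differs from baseline."""
    events = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:                                  # file did not exist at baseline time
            events.append(("ADDED", rel))
            if new[1] & SETID_BITS:                      # dropped-in setuid/setgid file
                events.append(("NEW_SETUID", rel))
        elif new is None:
            events.append(("REMOVED", rel))
        else:
            if old[0] != new[0] or old[2] != new[2]:     # content changed
                events.append(("MODIFIED", rel))
            if old[1] != new[1]:                         # permission bits changed
                events.append(("MODE_CHANGED", rel))
                if (new[1] & ~old[1]) & SETID_BITS:      # setuid/setgid bit gained
                    events.append(("NEW_SETUID", rel))
    return events

def sign_report(events, key):
    """Render events as lines, each followed by an HMAC-SHA256 tag over the line."""
    lines = []
    for event, rel in events:
        body = f"{event} {rel}"
        tag = hmac.new(key, body.encode(), "sha256").hexdigest()
        lines.append(f"{body} [{tag}]")
    return lines

def verify_report(lines, key):
    """Return the index of the first line whose tag fails to verify, or None."""
    for i, line in enumerate(lines):
        body, _, tag = line.rpartition(" [")
        expected = hmac.new(key, body.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, tag.rstrip("]")):
            return i
    return None

def demo():
    """Baseline a constructed tree, simulate tampering, return (events, signed report)."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.mkdir(bin_dir)
        for name in ("ls", "ps"):                        # constructed stand-ins for binaries
            path = os.path.join(bin_dir, name)
            with open(path, "wb") as fh:
                fh.write(b"#!/bin/sh\necho " + name.encode() + b"\n")
            os.chmod(path, 0o755)
        baseline = build_baseline(root)

        # Simulated tampering: replaced binary, new setuid file, removed binary.
        with open(os.path.join(bin_dir, "ls"), "wb") as fh:
            fh.write(b"#!/bin/sh\necho not-ls\n")
        helper = os.path.join(bin_dir, "helper")
        with open(helper, "wb") as fh:
            fh.write(b"#!/bin/sh\n")
        os.chmod(helper, 0o4755)                         # setuid bit set after the write
        os.remove(os.path.join(bin_dir, "ps"))

        events = compare(baseline, build_baseline(root))
        return events, sign_report(events, DEMO_KEY)

if __name__ == "__main__":
    _events, report = demo()
    print("\n".join(report))
    print("report verifies:", verify_report(report, DEMO_KEY) is None)
```

Running the block prints four tagged lines (added setuid helper, modified ls, removed ps) and a verification result; changing any line, or verifying with the wrong key, yields the index of the first bad line instead of None, which is the property Randy is describing when he says every samhain log entry is hashed.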