Date: 11 Aug 2002 13:56:18 +0100 From: Stacey Roberts <stacey@Demon.vickiandstacey.com> To: FreeBSD <backdoc@crotchett.com> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: aide-0.7_1 docs? Message-ID: <1029070581.38776.180.camel@Demon.vickiandstacey.com> In-Reply-To: <0a5f01c24130$c1cd7b60$6401a8c0@crotchett.com> References: <20020810180914.Y9801-100000@x1-6-00-80-c8-3a-b8-46><1029018608.38776.126.ca mel@Demon.vickiandstacey.com> <20020811115009.01fa251a.freebsd@secspace.de> <1029061905.38776.139.camel@Demon.vickiandstacey.com> <0a5f01c24130$c1cd7b60$6401a8c0@crotchett.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-lSMa9DAPtOh+CavRcuIu Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I've just had a read through the manual included in your earlier post. Unfortunately, there's no mention of any real-time detection / reporting functionality / config options in aide. And from the line: "After a break-in, an administrator may begin by examinining the system using system tools like ls, ps, netstat, and who --- the very tools most likely to be trojaned.", I'm not sure that this is what I'm looking for here - doesn't appear to offer any real-time detection / reporting of an ongoing intrusion attempt I've sent an e-mail to rammer requesting further information on aide, which hopefully will lead to a more informed decision on aide. Its good of you all to get back to me. At this point, I am beginning to believe that maybe I'm thinking of *something else* here, when I say Intrusion Detection System. Feel free to correct me if I'm heading down the wrong search path here. Stacey On Sun, 2002-08-11 at 13:15, FreeBSD wrote: > Is this what you are looking for? > http://www.cs.tut.fi/~rammer/aide/manual.html >=20 > Darren >=20 >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message --=20 Stacey Roberts B.Sc (HONS) Computer Science --=-lSMa9DAPtOh+CavRcuIu Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQEVAwUAPVZe8JvQeubckvvXAQG4UAgAjdwb6rAeLL65fEls6TzAcxslZ/j7S/DG qGcWvezwxgepm3wm54DpyNQ+QPeIG8iBVPHswpx3rbqSLJuCpz68FCDruKM0e3Q8 MuPkBV9u0XnSMkFgMwD82x+gkv1Ltrk2nrXGaGeWeHEbyQk4/k2RB3CGaSa2bvgF 5JZaGe/M0I78HlB3gAQV+AeOPm3r0xPI2uuslnr5xhCc6NBtLMzhZA9/8Euz5XCQ FVyXcvEPbR4uhaGlON4Hew0cw/JP3rBW38tMDjD/cuDMNNZbmofG22/SQRRdVkST fMiolrdYx07P8AxuSTXGxfKPvGr7PT+ZfoCC9U9uCcFVWOGciUnhJw== =11KU -----END PGP SIGNATURE----- --=-lSMa9DAPtOh+CavRcuIu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1029070581.38776.180.camel>