[vox-tech] Tripwire or equivalent
Rick Moen
rick at linuxmafia.com
Tue Jun 29 19:27:24 PDT 2004
Quoting Lewis Perdue (lperdue at ideaworx.com):
> Back when our server was originally cracked, someone suggested that we look
> at tripwire to monitor things once we had a clean install ... well, we've
> got a clean install, but our investigation of Tripwire shows a GIANT
> corporate Dilbert empire with layer upon layer of obfuscation and a set of
> sticky hurdles to clear before even getting an evaluation unit ... they
> boast of being able to monitor 2,500 servers, but Geez, folks how about
> something for one or two servers?
There _is_ a GPLed Tripwire codebase, for whatever it's worth. But
please also see discussion within my article, referenced below.
> Isn't there an open-source alternative for this bloatware poster child?
> Even something that does a simple checksum kinda thing on key system and
> .conf files would be welcome.
I mention some options inside http://linuxgazette.net/issue98/moen.html ,
which you might find interesting (or not) for other reasons, as well.
You might also want to browse available tools on some packetstorm mirror or
other, e.g., http://packetstormsecurity.nl/UNIX/IDS/ ,
--
Cheers, "All power is delightful, but absolute power
Rick Moen is absolutely delightful." - Kenneth Tynan
rick at linuxmafia.com
More information about the vox-tech
mailing list