Date:      Sat, 16 Oct 1999 14:28:45 -0700
From:      Doug <Doug@gorean.org>
To:        Alan Krantz <atk@mathcs.emory.edu>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Best way to detect break in
Message-ID:  <3808EE0D.CAED84F7@gorean.org>
References:  <199910161926.PAA02960@electron.mathcs.emory.edu>

Alan Krantz wrote:
> 
> What is the best way to detect a break in? For example, is there a program
> that will make a checksum of all system software and then compare current
> checksum to this checksum (as well as other useful checks)?

	Yes, tripwire does exactly what you want, is free and there is a port
for it. For commercial level solutions you should take a look at Network
Flight Recorder. 

> I'm not on this mailing list - not sure if that makes a difference with
> regards to getting responses.

	It doesn't. Long-standing public mailing list tradition is to respond
to the poster and cc: the list. 

> I did look on freebsd.org/security and
> while they gave hints as to what to do if you detect a break in they
> didn't really discuss the art of detecting a clever break in...

	Depending on what environment you're in you might want to invest in
some good books on system administration. For FreeBSD-specific knowledge
"The Complete FreeBSD" is your best bet, available from WC Archive, and
lots of other places. For more general topics "Essential System
Administration" from O'Reilly is indispensable. 

Good luck,

Doug
-- 
"Stop it, I'm gettin' misty." 

    - Mel Gibson as Porter, "Payback"

