Date: Sun, 11 Aug 2002 09:11:20 -0400 (EDT) From: Dru <dlavigne6@cogeco.ca> To: sroberts@dsl.pipex.com Cc: FreeBSD <backdoc@crotchett.com>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: aide-0.7_1 docs? Message-ID: <20020811091020.L9801-100000@x1-6-00-80-c8-3a-b8-46> In-Reply-To: <1029070581.38776.180.camel@Demon.vickiandstacey.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11 Aug 2002, Stacey Roberts wrote: > I've just had a read through the manual included in your earlier post. > > Unfortunately, there's no mention of any real-time detection / reporting > functionality / config options in aide. And from the line: "After a > break-in, an administrator may begin by examinining the system using > system tools like ls, ps, netstat, and who --- the very tools most > likely to be trojaned.", I'm not sure that this is what I'm looking for > here - doesn't appear to offer any real-time detection / reporting of an > ongoing intrusion attempt > > I've sent an e-mail to rammer requesting further information on aide, > which hopefully will lead to a more informed decision on aide. > > Its good of you all to get back to me. At this point, I am beginning to > believe that maybe I'm thinking of *something else* here, when I say > Intrusion Detection System. Feel free to correct me if I'm heading down > the wrong search path here. Sounds like you're thinking more along the lines of "snort" or "portsentry". Dru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020811091020.L9801-100000>