Date:      11 Aug 2002 19:21:23 +0100
From:      Stacey Roberts <stacey@Demon.vickiandstacey.com>
To:        Randy Belk <rbelk@bccs.homeip.net>
Cc:        sroberts@dsl.pipex.com, Volker Kindermann <freebsd@secspace.de>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: aide-0.7_1 docs?
Message-ID:  <1029090085.38776.185.camel@Demon.vickiandstacey.com>
In-Reply-To: <20020811090900.T42163-100000@bccs.homeip.net>
References:  <20020811090900.T42163-100000@bccs.homeip.net>


Hi Randy,
   Great to hear those comments about Samhain. I take it you rate this
above the others mentioned in this thread, then.

I was thinking of going with something along the lines of portsentry (for
the network port monitoring) as well as something along the lines of
(what I now believe) samhain.

Did the install / config go well? Are there any gotchas for FreeBSD 4.6
Stable that I should be aware of? I only ask because samhain is *not*
mentioned in /usr/port/security.

Stacey

On Sun, 2002-08-11 at 15:25, Randy Belk wrote:
> I have tried tripwire, aide, integrit, and a few others but the
> benefits of samhain are fantastic. It doesn't put a load on my
> Pentium/133, and it does real time fantastic. It can check my setup
> every 20-30 minutes.
>
> Benefits
> - md5's its own binary, and it checks it when it starts and stops
> - can log to a central logging server
> - md5's logs and emails
> - does real time suid checks
> - checks for logins and multiple logins
> - on linux it can check for kernel module rootkits
>
> and many more
>
> The only problem I have found with samhain is the logging. Since
> every log entry is md5'ed, the output is very weird. Also, there is
> not a daily email like aide and tripwire sends, it's real time remember.
>
>
>
> On 11 Aug 2002, Stacey Roberts wrote:
>
> > Hi Volker,
> >    Thanks for the your thoughts and suggestions. I've not looked at the
> > aide docs (as suggested by Dru earlier in the post), and it looks as if
> > I'll only be able to find the URL for the aide docs *after* installing
> > the thing - not happy with that!
> >
> > I'll take a look at samhain today - one thing, is it compatible with
> > FBSD 4.6Stable?
> >
> > Stacey
> >
> >
> >
> > On Sun, 2002-08-11 at 10:50, Volker Kindermann wrote:
> > > Hi Stacey,
> > >
> > > > I used to use tripwire, but found that it didn't *really* do what I
> > > > thought it would (which is provide real-time notification of intrusion
> > > > attempts / hacks).
> > >
> > > I know tripwire and I think it is not intended to do real-time monitoring.
> > > I don't know aide but I can imagine that it doesn't have real-time monitoring,
> > > too. Please correct me, if I'm wrong.
> > >
> > > Lately I found a tool called samhain (http://la-samhna.de/samhain/) that
> > > is able to run as a daemon and therefore does some kind of real-time
> > > monitoring. Perhaps you'll give it a try.
> > >
> > > HTH
> > >  -volker
> > >
> > --
> > Stacey Roberts
> > B.Sc (HONS) Computer Science
> >
>
> --------------------------------------------------
>  Microsoft: "Where would you like to go to today"
>    Linux: "Where would you like to go tomorrow"
>   BSD: "Hey,when are you guys going to catch up"
>
> The BSDway is the only way........................
>
>
-- 
Stacey Roberts
B.Sc (HONS) Computer Science
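Added example (not samhain, aide or tripwire code): a minimal baseline-and-verify integrity check in Python that reports the kinds of events the thread brings up, a modified binary, a file that gains the setuid bit, a new setuid file and a deleted file. It hashes with SHA-256 where the 2002 tools used MD5, and the file tree it scans is constructed in a temporary directory; a daemon such as samhain would simply rerun verify() every few minutes.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

SETID = stat.S_ISUID | stat.S_ISGID


def fingerprint(path: Path) -> dict:
    """Content hash plus the permission bits an integrity monitor tracks."""
    return {"sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(path.stat().st_mode)}


def build_baseline(root: Path) -> dict:
    """Snapshot every regular file under root (the 'init' run of aide/tripwire)."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def verify(root: Path, baseline: dict) -> list:
    """Re-scan and return (event, path) pairs; a daemon would loop over this."""
    current, findings = build_baseline(root), []
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            findings.append(("missing", rel))
            continue
        if new["sha256"] != old["sha256"]:
            findings.append(("modified", rel))
        if new["mode"] != old["mode"]:
            gained = new["mode"] & ~old["mode"] & SETID
            findings.append(("setuid-added" if gained else "mode-changed", rel))
    for rel, new in current.items():
        if rel not in baseline:
            findings.append(("new-setuid" if new["mode"] & SETID else "new-file", rel))
    return findings


def run_demo() -> list:
    """Constructed scenario: baseline a small tree, tamper with it, re-verify."""
    root = Path(tempfile.mkdtemp())
    (root / "bin").mkdir()
    (root / "bin" / "ls").write_bytes(b"original ls binary")
    (root / "bin" / "ps").write_bytes(b"original ps binary")
    (root / "rc.conf").write_text("keep me\n")
    baseline = build_baseline(root)
    (root / "bin" / "ls").write_bytes(b"trojaned ls binary")   # content changed
    (root / "bin" / "ps").chmod(0o4755)                          # setuid bit added
    (root / "bin" / "helper").write_bytes(b"x")                  # new setuid file
    (root / "bin" / "helper").chmod(0o4755)
    (root / "rc.conf").unlink()                                  # file removed
    return sorted(verify(root, baseline))
```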


