Re: mtree vs tripwire
From: Adrian Filipi (adrian+freebsd-security_at_ubergeeks.com)
Date: 01/16/04
- Previous message: Illia Baidakov: "Re[2]: kerberos5 authentication of ssh connections"
- In reply to: D J Hawkey Jr: "Re: mtree vs tripwire"
- Next in thread: Dorin H: "Re: mtree vs tripwire"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 16 Jan 2004 01:09:16 -0500 (EST)
To: D J Hawkey Jr <hawkeyd@visi.com>
On Wed, 14 Jan 2004, D J Hawkey Jr wrote:
> On Jan 14, at 07:09 PM, Jesper Louis Andersen wrote:
> >
> > > This might seem really naive, but can mtree be used effectively as
> > > a native-to-core-OS tripwire equivalent? Would it be as efficient in
> > > terms of time-to-run and resource requirements?
> >
> > Pro: distributed with base
> > Con: Only available for *BSD architectures as far as my knowledge goes.
>
> I'm aware of both, yes; hence my question. FreeBSD is all I'm dealing
> with, where my question is concerned.
>
> Is your reply from personal experience, or is it the same "Hey, it
> could..." as is my question? If the former, would you elaborate on the
> implementation details?
>
> Thanks,
> Dave
The company I just left makes a security appliance, and we
developed an mtree-based IDS. As others have mentioned, raw mtree and diff
as-is leave a lot to be desired. It's just not very convenient.
That being said, it works great now that we wrapped it all up in
some wrapper scripts.
Adrian
-- [ adrian@ubergeeks.com ]