Re: aide or tripwire

From: Jim Zajkowski (jim@jimz.net)
Date: 12/18/01


Date: Mon, 17 Dec 2001 20:34:01 -0500
From: Jim Zajkowski <jim@jimz.net>
To: focus-linux@securityfocus.com

On Sun, Dec 16, 2001 at 05:48:34PM -0700, Robin Lynn Frank wrote:
> We have been using tripwire to notify us if any files were tampered with. I
> recently tried aide on one machine and was impressed by its ease of
> configuration and lower cpu usage. Are there any problem areas for aide?

At the simplest, Aide offers no protection of the signature database, while
tripwire does.

Of course, you should still protect your tripwire database by burning it onto
CD, since tripwire has no protection against the database being deleted,
only modified.

--Jim

-- 
Jim Zajkowski
System Administrator            http://www.jimz.net/pgp-pubkey.asc
ITCS Contract Services  8A9E 1DDF 944D 83C3 AEAB  8F74 8697 A823 2113 5C53
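
Added example, not part of the original message: one way to cover both gaps described above (a database that can be modified, and one that can simply be deleted) is to keep a digest of the database on read-only media and check it before each integrity run. The function names, return codes and file paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: verify an integrity-checker database against a reference
# digest kept on read-only media before trusting it.
# All paths are supplied by the caller; none come from the original post.

# db_digest FILE -> prints the SHA-256 hex digest of FILE
db_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_db DB REF
#   DB  : database on the monitored host (writable by root, so untrusted)
#   REF : file whose first field is the expected digest, on read-only media
# Return codes:
#   0 database matches the reference
#   1 database was modified
#   2 database is missing (the deletion case)
#   3 reference digest is missing or unreadable
verify_db() {
    db=$1
    ref=$2
    if [ ! -r "$ref" ]; then
        echo "reference digest not readable: $ref" >&2
        return 3
    fi
    if [ ! -f "$db" ]; then
        echo "database missing: $db" >&2
        return 2
    fi
    expected=$(awk 'NR==1 {print $1}' "$ref")
    actual=$(db_digest "$db")
    if [ "$expected" != "$actual" ]; then
        echo "database digest mismatch: $db" >&2
        return 1
    fi
    return 0
}
```

Run the file integrity check only when verify_db returns 0; treat 2 as an alert in its own right rather than as a reason to rebuild the database.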


