Re: snort or tripwire, which is best?

From: Stachu 'Dozzie' K. (dozzie_at_dynamit.im.pwr.wroc.pl.nospam)
Date: 09/07/05


Date: Wed, 7 Sep 2005 09:56:02 +0000 (UTC)

On 07.09.2005, Colin McKinnon <colin.deletethis@andthis.mms3.com> wrote:
> Stachu 'Dozzie' K. wrote:
>
>> On 06.09.2005, Proteus <proteus@uselessemail.net> wrote:
>>> For a relative novice using Mandriva linux, which would be better, snort
>>> or tripwire, for me to install and configure on my system? (Desktop PC
                                                                ^^^^^^^^^^
>>> used for browsing, news, email, home office, etc., NOT for Apache server,
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> etc).
>>
>> Neither. You don't need them.
>>
>
> Is that supposed to be in jest?
>
> This is exactly the sort of system that needs a host-based IDS (i.e.
> tripwire/AIDE/L5...). If Stachu is asking the question then he probably
> does not have a local server for files nor any backup system. If he gets
> rootkitted, his only viable option is to reformat/restore.

Which word from the underscored part don't you understand? This won't be
a server, just a desktop (probably home, since the OP is trying to compare
two programs doing different things).

And how would you like to make sure you don't have rootkits when you get
one? Removing manually? Or maybe restore from backup?

-- 
Feel free to correct my English
Stanislaw Klekot