Re: what to monitor with host based ids?

From: Damian Menscher (menscher+security@uiuc.edu)
Date: 06/03/02

    From: Damian Menscher <menscher+security@uiuc.edu>
    Date: Mon, 03 Jun 2002 20:24:15 GMT
    
    

    qa monkey <byeaw@hotmail.com> wrote:
    > I'm using OpenBSD 3.1 as a bridge/packet filter and I recently added
    > fcheck to monitor directories and files. I set it up to monitor the /etc
    > directory.
    > What other directories should I monitor for changes?

    Monitor everything, for starters. Then stop monitoring things that
    change too much to be worth monitoring.

    Damian Menscher

    -- 
    -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
    -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
    -=#| 1429 DCL, Workstation Services Group, CITES Ofc:(217)244-3862 |#=-
    -=#| <menscher@uiuc.edu> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
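
One way to apply the advice in the reply above, as an added example that is not part of the original message and not fcheck's own code: hash the whole tree on every run, then use the run history to find the paths that change too often to be worth watching. The names `snapshot` and `triage`, the 0.5 threshold and the sample data are assumptions made for illustration.

```python
import hashlib
import os
from collections import Counter

def snapshot(root):
    """Map every regular file under root to the SHA-256 of its contents."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, FIFOs, sockets and device nodes
            try:
                with open(path, "rb") as fh:
                    snap[path] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                snap[path] = "unreadable"  # losing read access is itself a change
    return snap

def triage(snapshots, noisy_ratio=0.5):
    """Return (noisy, alerts) for a time-ordered list of snapshots."""
    if len(snapshots) < 2:
        raise ValueError("need at least two snapshots to compare")
    pairs = list(zip(snapshots, snapshots[1:]))
    changes = Counter()
    for prev, cur in pairs:
        for path in prev.keys() | cur.keys():
            if prev.get(path) != cur.get(path):  # added, removed or modified
                changes[path] += 1
    # Noisy: changed in more than noisy_ratio of the intervals; candidates to drop.
    noisy = {p for p, n in changes.items() if n / len(pairs) > noisy_ratio}
    prev, cur = pairs[-1]
    # Alerts: changed in the latest interval and not already written off as noisy.
    alerts = {p for p in prev.keys() | cur.keys()
              if prev.get(p) != cur.get(p) and p not in noisy}
    return sorted(noisy), sorted(alerts)

# Constructed sample: four runs on a small host, hash values shortened.
BASE = {"/etc/passwd": "p1", "/etc/pf.conf": "f1", "/bin/ls": "b1"}
SAMPLE = [
    {**BASE, "/var/log/messages": "m1", "/var/run/syslog.pid": "r1"},
    {**BASE, "/var/log/messages": "m2", "/var/run/syslog.pid": "r1"},
    {**BASE, "/var/log/messages": "m3", "/var/run/syslog.pid": "r2"},
    {**BASE, "/etc/passwd": "p2", "/etc/rc.local": "n1",
     "/var/log/messages": "m4", "/var/run/syslog.pid": "r3"},
]

if __name__ == "__main__":
    noisy, alerts = triage(SAMPLE)
    print("stop monitoring:", noisy)
    print("review:", alerts)
```

Review the noisy list by hand before excluding anything from it, since a path that changes on every run also hides any unwanted change made to it.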