Re: what to monitor with host based ids?
From: Damian Menscher (menscher+security@uiuc.edu)
Date: 06/03/02
From: Damian Menscher <menscher+security@uiuc.edu>
Date: Mon, 03 Jun 2002 20:24:15 GMT
qa monkey <byeaw@hotmail.com> wrote:
> I'm using OpenBSD 3.1 as a bridge/packet filter and I recently added
> fcheck to monitor directories and files. I set it up to monitor the /etc
> directory.
> What other directories should I monitor for changes?
Monitor everything, for starters. Then stop monitoring things that
change too much to be worth monitoring.
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 1429 DCL, Workstation Services Group, CITES Ofc:(217)244-3862 |#=-
-=#| <menscher@uiuc.edu> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
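
The "monitor everything, then prune" approach from the reply above, as an added example that is not part of the original thread: it takes repeated integrity snapshots of a tree and ranks directories by how often they change, so the noisy ones can be reviewed for exclusion. The function names, the `max_rate` threshold and the `depth` grouping are assumptions made for illustration and are independent of fcheck.

```python
import hashlib
import os
import stat
from collections import Counter

def snapshot(root):
    """Map every regular file under root to (sha256, mode, size)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, devices, sockets
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # file vanished or is unreadable
            snap[os.path.relpath(path, root)] = (digest, st.st_mode, st.st_size)
    return snap

def changed_paths(old, new):
    """Paths added, removed or modified between two snapshots."""
    return {p for p in old.keys() | new.keys() if old.get(p) != new.get(p)}

def _prefix(path, depth):
    """Directory of path, truncated to `depth` components ('.' for the root)."""
    return os.sep.join(path.split(os.sep)[:-1][:depth]) or "."

def churn_by_dir(snapshots, depth=1):
    """Per directory, the number of intervals in which anything changed."""
    counts = Counter()
    for old, new in zip(snapshots, snapshots[1:]):
        counts.update({_prefix(p, depth) for p in changed_paths(old, new)})
    return counts

def triage(snapshots, max_rate=0.5, depth=1):
    """Return (keep, noisy): directories at or below / above max_rate."""
    intervals = max(len(snapshots) - 1, 1)
    counts = churn_by_dir(snapshots, depth)
    every = {_prefix(p, depth) for s in snapshots for p in s}
    noisy = {d for d in every if counts[d] / intervals > max_rate}
    return sorted(every - noisy), sorted(noisy)
```

The `noisy` list is a candidate list for review, not an automatic exclusion: a directory that churns can still contain individual files worth pinning, and `changed_paths` keeps reporting a rare change in a quiet directory regardless of how the triage comes out.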