Re: AIDE

On Mon, Mar 08, 2004 at 01:34:02PM GMT, Kevin Philp 
<kevin@xxxxxxxxxxxxxxxxx> incoherently babbled:

> I am just setting upan intrusion detection system. I have used Tripwire in 
> the 
> past which works fine even if the policy file is a bit tricky to get used to. 
> However I was thinking about using AIDE, which appears easier to use, but 
> looking at the Sourceforge page there does seem to be much activity and the 
> documentation is pretty slim. Anyone got any views or advice on which to go 
> for?

I don't have much experience with any alternatives, but I've been using
AIDE for a few months now. It's quite good. Every day, I get greeted by a 
mail from each of my machines with the changes that have occurred. If
you have more than a handful of users to worry about, I'm sure it can be
tweaked to run more often.


The Debian Team swear by it after their boxes were compromised in the
leadup to the release of 2.4.23.

http://www.debian.org/News/2003/20031202

-- 

Conall O'Brien

+353 (0)87 9194139 | http://www.conall.net

GPG Key: http://www.conall.net/gpg/

Unix, BASIC, C, PASCAL, APL, ADA, and PROFANITY spoken here.
-- 
Irish Linux Users' Group
http://www.linux.ie/mailman/listinfo/ilug/