Andreas Wagner
Hi List,
* Philippe Vogel [020814 17:44]:
Date: Wed, 14 Aug 2002 17:44:31 +0200
Subject: Re: [suse-security] Tips zur tripwire config?
3) Better use aide instead!
I think I have understood the basics of tripwire. Aide's docu is not very verbose, to say the least - they say they provide some better functionality than tw, but maybe this refers to an older version of tw...
1) What are the advantages/disadvantages of tripwire/aide respectively?
2) Did I get it right that it's best to start with the provided conf examples and then get rid of entries causing false alarms?
Yes, you did. In theory you can even start with / R, giving you lots and lots of false alarms, and approach step by step the configuration I've mailed by excluding files which change without any intrusion.
3) Are there other options to think about than monitoring inclusions/exclusions?
You should definitely think about where to store the tripwire database: It doesn't help to have a checksum for a file if the intruder may change file AND checksum.

Regards,
Matthias
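The two points made in the reply above (tune by excluding files that change without any intrusion, and keep the checksum database out of an intruder's reach), sketched as an added example that is not part of the original thread and is not how tripwire or aide are implemented. It assumes the database is protected by an HMAC whose key is stored off the monitored host; the key, paths and file contents are constructed for the demo.

```python
import hashlib, hmac, json, os, tempfile

def snapshot(root, exclude=()):
    """Map relative path -> SHA-256 for each file under root, skipping excluded prefixes."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if any(rel.startswith(prefix) for prefix in exclude):
                continue
            with open(os.path.join(root, rel), "rb") as f:
                db[rel] = hashlib.sha256(f.read()).hexdigest()
    return db

def seal(db, key):
    """Serialize the database and MAC it with a key kept off the monitored host."""
    blob = json.dumps(db, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify(root, blob, tag, key, exclude=()):
    """Return (database_trusted, sorted changed/added/removed paths)."""
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, []  # the database itself was altered: trust none of it
    old, new = json.loads(blob), snapshot(root, exclude)
    changed = sorted(p for p in old.keys() | new.keys() if old.get(p) != new.get(p))
    return True, changed

def demo():
    key = b"constructed-demo-key"  # assumption: really kept offline or on read-only media
    with tempfile.TemporaryDirectory() as root:
        for rel, data in (("bin/login", b"v1"), ("log/messages", b"a")):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        exclude = ("log" + os.sep,)  # files which change without any intrusion
        blob, tag = seal(snapshot(root, exclude), key)
        with open(os.path.join(root, "log/messages"), "ab") as f:
            f.write(b"b")  # normal log growth: excluded, so no false alarm
        quiet = verify(root, blob, tag, key, exclude)
        with open(os.path.join(root, "bin/login"), "wb") as f:
            f.write(b"modified")  # monitored file changes: reported
        noisy = verify(root, blob, tag, key, exclude)
        # File AND stored checksum changed; without the key the MAC cannot be redone.
        forged = json.dumps(snapshot(root, exclude), sort_keys=True).encode()
        tampered = verify(root, forged, tag, key, exclude)
    return quiet, noisy, tampered
```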