First off, I just wanted to say hello to everyone, since this is my first posting here at SuSE.

I was reading an article in "Linux Journal" about an intrusion detection called "tripwire" (http://sourceforge.net/projects/tripwire). It sounds really great on paper, but I was wondering if anyone uses this program, and if so, are there any issues with it on a SuSE system, or in general (i.e. is it fairly reliable, stable, easy to set up)?

Thanks in advance
On Sunday 24 June 2001 12:36, Jeric babbled:
> First off, I just wanted to say hello to everyone, since this is my first posting here at SuSE.
>
> I was reading an article in "Linux Journal" about an intrusion detection called "tripwire" (http://sourceforge.net/projects/tripwire). It sounds really great on paper, but I was wondering if anyone uses this program, and if so, are there any issues with it on a SuSE system, or in general (i.e. is it fairly reliable, stable, easy to set up)?
>
> Thanks in advance

I've used it on SuSE and Caldera without any hassles. See http://linux.nf for a write-up on using it.

--
Douglas J. Hunley (Linux User #174778)
http://hunley.homeip.net/ http://linux.nf/
Brainbench Linux Administration Certified
~~ Now offering NO COST Linux admin services for the home user ~~

I liked things better when I didn't understand them.
 -- Calvin

Hi Jeric,

I use tripwire, although not on a daily basis. It is moderately hard to set up, a lot of docs to wade through and the interface is not perfect. The 2 series is def. much better than the old version that shipped with SuSE 6.4: that required you to store the database on a floppy or so. You need quite a large floppy for a 20Gig drive :-)

The tricky part is to make the selection of files to watch over: too few and you might miss things, too many and there will be so much info that you don't see the problems. I frequently use some AWK scripts to inspect the reports that tw produces.

In all, I think it is quite nice. Run it often to reduce the workload and so you still remember that you did change config file /etc/so.and.so

Dirk

participants (3)
- dirk janssen
- Douglas J. Hunley
- Jeric