possible compromise or just misreading logs
Roger Marquis
marquis at roble.com
Sun Dec 7 12:45:22 PST 2003
> Second, what are people using for intrusion detection? This is something I
> have thought about but never really thought I needed until now.
No production environment should be without Tripwire (1.3 is my
favorite version). With the right wrapper script
<http://www.roble.com/docs/twcheck> and off-line backups it's
impossible to compromise a system without being detected.
Nothing beats the relief you'll feel when tripwire gives your system
a clean bill of health after finding some suspicious logs.
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
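
The baseline-and-compare check that this kind of integrity monitoring rests on, as an added example (it is not Tripwire, not the twcheck script linked above, and not code from the original post). The function names, file names and sample tree are constructed for illustration; in practice the baseline would be stored on read-only or off-line media.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each file under root to (mode, uid, gid, size, digest)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                digest = "link:" + os.readlink(path)  # record target, do not follow
            elif stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            else:
                continue  # skip FIFOs, sockets and device nodes
            db[os.path.relpath(path, root)] = (
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, st.st_size, digest)
    return db

def compare(baseline, current):
    """Report paths added, removed or changed since the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def write(path, text, mode=0o644):
    """Hypothetical helper: create or overwrite a file with a fixed mode."""
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)

def demo():
    """Constructed tree: take a baseline, alter the tree, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("bin", "etc"):
            os.mkdir(os.path.join(root, d))
        login, passwd, motd = (os.path.join(root, p) for p in
                               ("bin/login", "etc/passwd", "etc/motd"))
        write(login, "original\n"); write(passwd, "root:0\n"); write(motd, "hi\n")
        baseline = snapshot(root)              # keep this copy off the host
        write(login, "trojaned\n")             # same size, different content
        os.chmod(passwd, 0o666)                # permission change only
        os.remove(motd)                        # deleted file
        write(os.path.join(root, "bin/.hidden"), "x")  # new file
        return compare(baseline, snapshot(root))
```

The replaced `bin/login` has the same size, mode and owner as the original, so only the digest exposes it; the check is only as trustworthy as the stored baseline.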