possible compromise or just misreading logs

Roger Marquis marquis at roble.com
Sun Dec 7 12:45:22 PST 2003


> Second, what are people using for intrusion detection?  This is something I
> have thought about but never really thought I needed until now.

No production environment should be without Tripwire (1.3 is my
favorite version).  With the right wrapper script
<http://www.roble.com/docs/twcheck> and off-line backups it's
impossible to compromise a system without being detected.

Nothing beats the relief you'll feel when Tripwire gives your system
a clean bill of health after finding some suspicious logs.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

