Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] General question Re: Securing Redhat Linux

On Thu, 19 Dec 2002 00:07:19 +1100
"Minh Van Le" <mvanle@xxxxxxxxxxxxxx> wrote:> 
> And I need a way to monitor file system changes. I could write my own `find'
> script, and hide it in some obscure directory that wouldn't be noticed, and
> hire somebody at $0.05/hr to log in and run it manually everyday, and then
> delete ~/.bash_history :)

Free tripwire like tools include: aide, integrit, samhain.
And tripwire itself for free unices.

To prevent themselves being compromised you can
boot from a read only floppy to do the check.

Also, some (samhain?) send checksummed logs offsite immediately.