SLUG Mailing List Archives
Re: [SLUG] General question Re: Securing Redhat Linux
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] General question Re: Securing Redhat Linux
- From: mlh@xxxxxxxxxx
- Date: Thu Dec 19 00:39:05 2002
On Thu, 19 Dec 2002 00:07:19 +1100
"Minh Van Le" <mvanle@xxxxxxxxxxxxxx> wrote:>
> And I need a way to monitor file system changes. I could write my own `find'
> script, and hide it in some obscure directory that wouldn't be noticed, and
> hire somebody at $0.05/hr to log in and run it manually everyday, and then
> delete ~/.bash_history :)
Free tripwire like tools include: aide, integrit, samhain.
And tripwire itself for free unices.
To prevent themselves being compromised you can
boot from a read only floppy to do the check.
Also, some (samhain?) send checksummed logs offsite immediately.