[CentOS] Intrusion Detection

Thu Mar 4 22:29:05 UTC 2010
Mike McCarty <Mike.McCarty at sbcglobal.net>

Jim Perrin wrote:
> On Thu, Mar 4, 2010 at 5:02 PM, Dan Burkland <dburklan at nmdp.org> wrote:
>> Hello all,
>>
>> I have been exploring the various intrusion detection systems
>> available for the Linux platform and was wondering what ones you
>> all would recommend? I have used AIDE before and while it is
>> extremely easy to set up, it does not support the ability to send
>> alerts as files are changed (allows one to be aware of an intrusion
>> almost immediately).

> You can use auditd to watch specific files if you're after some key
> things. Beyond that I just use aide.

I like tripwire and rkhunter.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
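
The auditd file watch suggested in the quoted reply, combined with the per-change alerting the original question asks for, as an added example that is not part of the original thread: it groups audit.log records by event serial and reports the events tagged with a watch key. The key name ids-watch, the two auditctl rules in the comment and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed watch rules (key name is hypothetical):
#   auditctl -w /etc/passwd -p wa -k ids-watch
#   auditctl -w /etc/shadow -p wa -k ids-watch
WATCH_KEY = "ids-watch"

# Constructed, abridged sample of /var/log/audit/audit.log (not real output).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1267741745.101:812): arch=c000003e syscall=2 success=yes exit=3 uid=0 auid=500 comm="vi" exe="/usr/bin/vim" key="ids-watch"
type=PATH msg=audit(1267741745.101:812): item=0 name="/etc/passwd" inode=131 mode=0100644
type=SYSCALL msg=audit(1267741750.220:813): arch=c000003e syscall=2 success=yes exit=3 uid=500 auid=500 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1267741750.220:813): item=0 name="/tmp/notes" inode=977 mode=0100644
type=SYSCALL msg=audit(1267741761.007:814): arch=c000003e syscall=2 success=no exit=-13 uid=500 auid=500 comm="bash" exe="/bin/bash" key="ids-watch"
type=PATH msg=audit(1267741761.007:814): item=0 name="/etc/shadow" inode=140 mode=0100400
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records that share an audit serial number into one event."""
    events = defaultdict(lambda: {"paths": []})
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip blank or truncated lines
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[serial]
        if rtype == "SYSCALL":
            ev.update(fields)  # who and what: exe, auid, success, key
        elif rtype == "PATH" and "name" in fields:
            ev["paths"].append(fields["name"])  # which file was touched
    return events

def alerts(text, key=WATCH_KEY):
    """Return one alert per event tagged with the watch key, failed attempts included."""
    out = []
    for serial, ev in sorted(parse_events(text).items(), key=lambda kv: int(kv[0])):
        if ev.get("key") != key:
            continue  # untagged events, e.g. key=(null), are not ours
        out.append({"serial": int(serial), "paths": ev["paths"], "exe": ev.get("exe"),
                    "auid": ev.get("auid"), "success": ev.get("success") == "yes"})
    return out

if __name__ == "__main__":
    print(*alerts(SAMPLE_LOG), sep="\n")
```

Each alert carries auid, the login user the audit subsystem recorded for the session, so a change made as root through su or sudo still points back to the account that logged in.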