[unisog] Host Based IDS
r.fulton at auckland.ac.nz
Wed May 11 21:25:23 GMT 2005
On Wed, 2005-05-11 at 12:27 -0400, Reg Quinton wrote:
> Before installing an IDS on a Linux machine have you considered using the
> rpm tools? The command 'rpm -V -a' will verify the integrity of your system
> and makes a distinction between configuration files which will change and
> static files which should not. You can even ask it to verify small
> components of the OS.
One thing that samhain does that this does not is keep watch for LKM
rootkits. It watches the mappings of selected system calls and alerts
if they change.
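
Added example, not part of either message above: a Python parser that triages `rpm -V -a` output along the distinction described in the quoted text, separating configuration files (attribute marker `c`) from static files and picking out static files that are missing or fail the digest check. The sample output is constructed, and the bucket names and the choice to treat only `c` as "expected to change" are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample of `rpm -V -a` output; not captured from a real host.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
missing      /usr/sbin/example-daemon
.M.......  g /var/run/example.pid
.......T.  d /usr/share/doc/example/README
"""

# Current rpm prints nine flag columns (SM5DLUGTP); older releases printed eight.
# A "." means the test passed, "?" means it could not be performed.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
    r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

class Finding(NamedTuple):
    path: str
    flags: str
    attr: Optional[str]  # c=config, d=doc, g=ghost, l=license, r=readme

    @property
    def is_config(self) -> bool:
        return self.attr == "c"

    @property
    def content_changed(self) -> bool:
        # A missing file or a digest mismatch ("5") means the bytes differ from the package.
        return self.flags == "missing" or "5" in self.flags

def parse(output: str) -> list:
    """Turn verify output into Finding records, skipping lines that do not match."""
    matches = (LINE.match(line.rstrip()) for line in output.splitlines())
    return [Finding(m["path"], m["flags"], m["attr"]) for m in matches if m]

def triage(output: str) -> dict:
    """Split findings into config drift, changed static files, and metadata-only changes."""
    static = [f for f in parse(output) if not f.is_config]
    return {
        "config": [f.path for f in parse(output) if f.is_config],
        "static_changed": [f.path for f in static if f.content_changed],
        "static_metadata": [f.path for f in static if not f.content_changed],
    }

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE).items():
        print(f"{bucket}: {paths}")
```

On a live system the same functions can be fed the captured output of `rpm -V -a` instead of `SAMPLE`; the `static_changed` bucket is the one to look at first.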