[unisog] Host Based IDS

Russell Fulton r.fulton at auckland.ac.nz
Wed May 11 21:25:23 GMT 2005


On Wed, 2005-05-11 at 12:27 -0400, Reg Quinton wrote:
> Before installing an IDS on a Linux machine have you considered using the 
> rpm tools? The command 'rpm -V -a' will verify the integrity of your system 
> and makes a distinction between configuration files which will change and 
> static files which should not. You can even ask it to verify small 
> components of the OS.

One thing that samhain does that this does not is keep watch for LKM
rootkits. It watches the mappings of selected system calls and alerts
if they change.

Russell
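
Added example, not part of the original thread: a Python triage of `rpm -V -a` output that separates the configuration-file changes the quoted message calls expected from changes to static files. The sample output, the `triage` name and the choice of which attribute flags count as suspicious are assumptions made for this illustration.

```python
import re

# Constructed sample of `rpm -V -a` output (not taken from a real host).
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
missing      /usr/sbin/lsof
.M.......    /usr/bin/passwd
.......T.  d /usr/share/doc/bash/README
S.5....T.  c /etc/ntp.conf
"""

# Attribute string is 8 characters on older rpm and 9 or more on newer ones.
# The one-letter marker (c=config, d=doc, g=ghost, l=license, r=readme) is optional.
LINE = re.compile(r"^(missing|[A-Za-z0-9.?]{8,})\s+(?:([cdglr])\s+)?(/.*)$")

# Assumption for this example: size, digest, mode, owner, group, symlink and
# device changes matter on static files; an mtime-only change (T) is ignored.
SUSPICIOUS_FLAGS = set("S5MUGLD")


def triage(output):
    """Return (config_changes, suspicious_changes) as lists of (path, flags)."""
    config, suspicious = [], []
    for raw in output.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # skip lines that are not per-file results
        flags, marker, path = m.groups()
        if marker == "c":
            config.append((path, flags))      # expected to drift over time
        elif flags == "missing" or SUSPICIOUS_FLAGS & set(flags):
            suspicious.append((path, flags))  # static file that should not change
    return config, suspicious


if __name__ == "__main__":
    config, suspicious = triage(SAMPLE)
    for path, flags in suspicious:
        print("CHECK ", flags, path)
    for path, flags in config:
        print("config", flags, path)
```

The result is only as trustworthy as the rpm binary and package database on the host being checked.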