Intrusion Detection (aide review)
Paul DeAudney
pdeaudney at gmail.com
Sun Jan 6 12:02:34 UTC 2008
Hi All,
I sit on this list looking for tips n tricks, but thought I would
comment on this thread.
I personally use Osiris for monitoring about 100 hosts.
http://osiris.shmoo.com/handbook.html#part1_chap1
It does file system integrity checks but also reports on open/closed
ports & user account changes.
I receive daily emails reporting only the changes from each host.
The scan rules can be easily tweaked using regexes to filter out cruft,
resulting in a very low-noise system.
It helps immensely with detection of machines that have been compromised.
--
Paul De Audney
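As an added illustration of the change-only, regex-filtered reporting described above (example code written for this page, not Osiris code and not part of Paul's post), a small Python diff of two constructed host snapshots covering file digests, listening ports and local accounts; the snapshot layout and all sample values are assumptions:

```python
import re

# Constructed sample snapshots standing in for the previous and current scan of
# one host: file digests, listening TCP ports and local accounts (the three
# categories the post says the tool reports on). Digests are placeholder strings.
BASELINE = {
    "files": {"/etc/passwd": "a1", "/usr/bin/ssh": "b2", "/var/log/messages": "c3"},
    "ports": {22, 80},
    "users": {"root", "paul"},
}
CURRENT = {
    "files": {"/etc/passwd": "a1", "/usr/bin/ssh": "ff", "/var/log/messages": "c4"},
    "ports": {22, 80, 8080},
    "users": {"root", "paul", "newuser"},
}

# Regex exclusions for expected churn (here: log files) so the daily report
# contains only changes worth a human's attention.
IGNORE_FILE_PATTERNS = [re.compile(r"^/var/log/")]


def _ignored(path):
    return any(p.search(path) for p in IGNORE_FILE_PATTERNS)


def diff_snapshots(baseline, current, ignored=_ignored):
    """Return only what changed between two scans, grouped by category."""
    report = {"files": {}, "ports": {}, "users": {}}
    for path in sorted(set(baseline["files"]) | set(current["files"])):
        if ignored(path):
            continue  # filtered out as cruft, never reported
        old, new = baseline["files"].get(path), current["files"].get(path)
        if old != new:
            state = "added" if old is None else "removed" if new is None else "modified"
            report["files"][path] = state
    for key in ("ports", "users"):
        report[key] = {
            "added": sorted(current[key] - baseline[key]),
            "removed": sorted(baseline[key] - current[key]),
        }
    return report


def has_changes(report):
    """True when anything survived filtering, i.e. an email should be sent."""
    return bool(report["files"]) or any(
        report[k]["added"] or report[k]["removed"] for k in ("ports", "users")
    )


if __name__ == "__main__":
    print(diff_snapshots(BASELINE, CURRENT))
```

A real deployment would fill the snapshots from a filesystem hash walk, the socket table and the account database, and compare against the stored baseline on each run.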