[RFC] programmatic IDS routing
Valdis.Kletnieks at vt.edu
Wed Mar 19 18:05:42 UTC 2008
On Wed, 19 Mar 2008 13:02:48 EDT, Steve Grubb said:
> files. In order for the IDS system to be able to distinguish an open of a
> watched file from an open of a *special* watched file that an alert should be
> sent for, I'd like to propose a standard way of alerting the IDS that this
> record needs additional scrutiny.
Why do we need special handling for something the IDS should be able to do for
itself? If your IDS system doesn't already have a copy of the list of "special"
watched files, you have *bigger* problems.