Tripwire, Radmind, Others?

Mark Haney mhaney at ercbroadband.org
Fri Jan 11 14:13:00 UTC 2008


David Tonhofer wrote:
> Hello sysadmins,
> 
> In order to lock down my little system I wanted to invest some
> time/money into a program to keep a
> snapshot of the state of the filesystem, i.e. file names, file
> attributes and hashes.
> 
> I have used "Tripwire" in the 90's and early 00's with some good results
> (but had some problems with
> its configuration) but then abandoned it as it was no longer packaged
> with Red Hat above 8 I think (?).
> 
> Anyway, I wanted to look at "radmind" - does anyone have any particular
> notable points on it? Are
> these filesystem-snapshot approaches still current or are there new
> approaches (an enforcing SELinux
> or kernel modules collecting information at runtime come to mind).
> 
> Best regards,
> 
> -- David
> 
> 
> 
> 

Well, here's my tidbit.  Take a look at OSSEC.  It has similar
functionality to tripwire (to a point) and is totally open source.  You
can write your own rules for monitoring things and it has an 'active
response' module that will automatically block ssh attacks per IP
address for a fixed period of time, etc.

I use it on my systems and I haven't had any trouble out of it.  It's
maybe not all you need, but it might be a good start.

http://www.ossec.net



-- 
Recedite, plebes! Gero rem imperialem!


Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support



