[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] tripwire

Subject: Re: [cobalt-users] tripwire
From: "Geoff King" <geoff@xxxxxxxxxx>
Date: Thu Mar 2 16:27:58 2000

Gary,

    I have installed Tripwire on a RedHat Linux v5.2 box.

    Basically, it's considerably useless on a server that many people use
because it monitors changes in files, which on a hosting web server, files
change quite often.

    I have found the best means of monitoring hackers is to obtain a stand
alone server and use packet sniffing programs like ISS or what my business
partner uses Sessionwall-3.  There's a bunch more out there, I can't think
of their names off the top of my head.

    I thought it was kind of moot point for Tripwire as you'd only know
after the hacker gained access and modified files.  It's much better
watching the knock at the door first.

    Now, if the server is not used for many things, such as a secondary DNS
server, and that's it.  Tripwire would be a fairly decent tool in that you'd
definately know if someone was on there and messing with files that should
never be changed or modified.

    The other thing to do is hack your network yourself.  I run Nessus which
is an open-source security scanner about once every 6 months to see what it
can do.  It's a good idea to pay attention to the security announcements.
Any administrator should know exactly where someone can break into their
network.  Also, an administrator should be able to notice odd or different
behavior of servers and the network fairly quickly.

    Anyways, that's my 2 cents worth on tripwire.  Good tool, for specific
purposes.  Don't ignore it, but don't count on it either.

Geoff

----- Original Message -----
From: "RHLinux" <rhlinux@xxxxxxxxxxx>
To: "Cobalt-Users@xxxxxxxxxxxxxxx" <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, March 02, 2000 2:55 AM
Subject: [cobalt-users] tripwire


> has anyone tired installing tripwire on a raq2-3?
>
> its suppose to help in tracking would be attackers etc...
>
> http://www.zdnet.com/zdnn/stories/news/0,4586,2453339,00.html
>
> Gary
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

References:
- [cobalt-users] tripwire
  - From: RHLinux

Prev by Date: Re: [cobalt-users] Autoresponder via Procmail
Next by Date: RE: [cobalt-users] Maillog Errors
Previous by thread: [cobalt-users] tripwire
Next by thread: RE: [cobalt-users] tripwire

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index