Re: [cobalt-users] PortSentry and Logcheck ?

[Dom Latter <d.latter@xxxxxxx>]

Rodolfo Paiz wrote:
> 
> Here we go again: acute attack of ignorance coming on...

We're all learning.

> What's tripwire, triplite, etc. I have no idea what a "base line" thingy is,
> what it does, or where to get it; could you expand a little? I'm already
> working on installing the other two.

Try www.tripwire.com:

-------------------------
1. Brief Product Overview
-------------------------
 
Tripwire works at the most fundamental layer, protecting the servers and
workstations that make up the corporate network. Tripwire works by first
scanning a computer and creating a database of system files, a compact
digital "snapshot" of the system in a known secure state. The user can
configure Tripwire very precisely, specifying individual files and
directories on each machine to monitor, or creating a standard template
that can be used on all machines in an enterprise.
 
Once this baseline database is created, a system administrator can use
Tripwire to check the integrity of a system at any time. By scanning
the current system and comparing that information with the data stored
in the database, Tripwire detects and reports any additions, deletions,
or changes to the system outside of the specified boundaries. If these
changes are valid, the administrator can update the baseline database
with the new information.  If malicious changes are found, the system
administrator will instantly know which parts of which components of
the network have been affected.