[wplug] System file permission, owner and group auditing utility - Options

Maloney, Brad bmaloney at accessdc.com
Tue Apr 12 05:45:23 EDT 2005


I'm actually in the process of developing a deployment procedure for Tripwire.  All I can say is that it can be pretty time consuming to set it up for the first time (I'm still setting it up).  It comes highly recommended, however.

From my internal testing, I chose Tripwire over AIDE because you can sign your Tripwire configuration/database.  With AIDE, someone can compromise your system and alter your AIDE configuration and you wouldn't know what happened.  What's the point of having an IDS when it can be so easily circumvented?  No one can touch your Tripwire config without knowing the right set of passphrases.

If this doesn't matter to you, then choose AIDE.  AIDE is almost two times faster than Tripwire, as far as scanning.  For the paranoid such as myself, I will choose security over performance (especially in an IDS). :)

Good luck with your decision.

Brad Maloney <bmaloney at accessdc.com>
Phone: 412.968.4021  Fax: 412.967.9504
Access Data Corporation - Technology Center
90 Beta Dr., Pittsburgh PA 15238


> Thanks for the responses. 

> Tripwire looks like an option. However, I was wondering if anyone had experience with aide http://www.cs.tut.fi/~rammer/aide.html or osiris http://www.shmoo.com/osiris/

> Reed 

> Reed Reavis - Software Configuration Management
> Phone: 412-859-2259
> Email: rreavis at fedex.com
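
Added example, not part of the original message and not code from Tripwire or AIDE: a minimal sketch of the difference described above between an unsigned hash database and one that carries a passphrase-keyed tag. It uses PBKDF2 and HMAC-SHA256 as a stand-in (an assumption; this is not Tripwire's signing scheme or file format, and here the passphrase is needed to verify as well as to sign), and all function names and the sample file are constructed.

```python
import hashlib
import hmac
import json
import os
import tempfile

def derive_key(passphrase, salt):
    # Key is stretched from a passphrase that is never stored on the host.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def build_baseline(paths):
    # Map each monitored path to the SHA-256 of its contents.
    baseline = {}
    for p in sorted(paths):
        with open(p, "rb") as fh:
            baseline[p] = hashlib.sha256(fh.read()).hexdigest()
    return baseline

def _tag(baseline, key):
    body = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def sign_baseline(baseline, passphrase, salt):
    return {"salt": salt.hex(), "baseline": baseline,
            "tag": _tag(baseline, derive_key(passphrase, salt))}

def check(signed, passphrase):
    # Returns (database_trusted, changed_paths).
    key = derive_key(passphrase, bytes.fromhex(signed["salt"]))
    if not hmac.compare_digest(_tag(signed["baseline"], key), signed["tag"]):
        return False, []  # the database itself was altered; stop here
    current = build_baseline(signed["baseline"])
    return True, [p for p in current if current[p] != signed["baseline"][p]]

def demo(passphrase="constructed-passphrase"):
    # Constructed scenario: a file is edited, then the stored hash is rewritten.
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "sshd_config")
        with open(target, "w") as fh:
            fh.write("PermitRootLogin no\n")
        signed = sign_baseline(build_baseline([target]), passphrase, os.urandom(16))
        clean = check(signed, passphrase)
        with open(target, "w") as fh:
            fh.write("PermitRootLogin yes\n")
        honest = check(signed, passphrase)
        forged = dict(signed, baseline=build_baseline([target]))  # no passphrase
        unsigned_match = build_baseline([target]) == forged["baseline"]
        return clean, (honest[0], len(honest[1])), check(forged, passphrase), unsigned_match
```

In the last two results, a plain hash comparison against the rewritten database reports nothing changed, while the keyed check refuses to trust the database at all.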


