On Sat, Aug 22, 2009 at 10:49 AM, Bill Campbell <centos@xxxxxxxxxxxxx> wrote:
>
> On Fri, Aug 21, 2009, Dave wrote:
> >On Tue, Aug 18, 2009 at 3:53 PM, Scott Ehrlich<srehrlich@xxxxxxxxx> wrote:
> ... stuff deleted
>
> >On Tue, Aug 18, 2009 at 6:57 PM, Bill Campbell<centos@xxxxxxxxxxxxx> wrote:
> >> To really know whether a system has been hacked, it's necessary
> >> to use something like Tripwire or Aide,
> One of the problems I've found with tripwire in particular and aide to a
> lesser extent is that they (a) tend to be very verbose even when nothing
> has changed, and (b) updating their database is fairly complex. I have
> developed a system that we use here and at our client sites that uses the
> tripwire formatted configuration files, but maintains its own database, and
> produces minimal reports of changes (none if nothing has changed).
> Updating its database after changes have been checked and verified is a
> simple file ``mv'' command.

Another open source tool you might want to consider.

http://ftimes.sourceforge.net/FTimes/index.shtml

--
Drew Einhorn
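
An added example (not from the thread, and not the system Bill Campbell describes): one way to get the workflow in the quoted message, a checker that keeps its own baseline, reports only differences, and accepts reviewed changes by renaming a file. The JSON baseline format, the attribute set and the function names are assumptions of this example.

```python
import hashlib, json, os, stat

FIELDS = ("sha256", "mode", "uid", "gid", "size")

def snapshot(root):
    """Return {relative path: [sha256, mode, uid, gid, size]} for regular files."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = [
                digest, oct(st.st_mode & 0o7777), st.st_uid, st.st_gid, st.st_size]
    return snap

def diff(old, new):
    """One line per difference; an empty list means nothing changed."""
    report = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            report.append("ADDED   " + path)
        elif path not in new:
            report.append("REMOVED " + path)
        elif old[path] != new[path]:
            changed = [f for f, a, b in zip(FIELDS, old[path], new[path]) if a != b]
            report.append("CHANGED %s (%s)" % (path, ",".join(changed)))
    return report

def check(root, db):
    """Compare root with the baseline in db; leave the fresh scan in db + '.new'."""
    old = {}
    if os.path.exists(db):
        with open(db) as fh:
            old = json.load(fh)
    new = snapshot(root)
    with open(db + ".new", "w") as fh:
        json.dump(new, fh, sort_keys=True)
    return diff(old, new)

def accept(db):
    """Promote the reviewed scan to baseline: the equivalent of `mv db.new db`."""
    os.replace(db + ".new", db)
```

Keep the baseline file outside the scanned tree and on read-only or off-host storage, since a baseline the intruder can rewrite makes the report empty.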