Yes, it's a good idea to install and run tripwire. Since it is a file integrity checker, it is complementary to the other packages listed below. Make sure to maintain a CD copy of the database that tripwire generates when you initialize it. The drawback is that if you have a file system that changes frequently (dynamic), then you either have to frequently update the database, which is cumbersome and wasteful of CDs, or you find yourself reading ever-growing Tripwire reports.

Mike

--------------------------
Sent from my BlackBerry Wireless Handheld

-----Original Message-----
From: Aldo S. Lagana <alagana@xxxxxxxxxxxx>
To: 'Jeffrey Laramie' <JALaramie@xxxxxxxxxxxxxxxxxxx>; netfilter@xxxxxxxxxxxxxxxxxxx <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Fri Sep 19 13:39:40 2003
Subject: RE: Additional Security

Tripwire seems to be a filesystem monitor - I wouldn't necessarily run it or feel more secure running it, but others may disagree...

I run portsentry, snort, squid and iptables (along with poptop and freeswan VPN servers)

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jeffrey Laramie
Sent: Friday, September 19, 2003 1:15 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx

Hi All,

I previously used Redhat releases for my firewall boxes, and they install iptables and tripwire by default. I have switched to SuSE 8.2 which doesn't install tripwire by default. My question is: Do you think it's worthwhile to install and configure tripwire on an iptables firewall box?

I can't think of a better forum to get a straight opinion on this and I think this topic is of interest to most of the list members. However I understand this thread is off topic and will gladly take it off list or move it to another forum if you can suggest one.

Jeff
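
The trade-off raised in the first reply of this thread (a stored baseline database versus report noise on a dynamic file system), as an added example that is not part of any message above and is not Tripwire's own code or database format. It hashes a tree into a baseline, re-checks it later, and shows how excluding a dynamic subtree shortens the report; the `exclude` parameter, file names and sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root, exclude=()):
    """Return {relative path: SHA-256 hex digest} for regular files under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Skip subtrees declared dynamic (logs, spools) to keep reports short.
            if any(rel == e or rel.startswith(e + "/") for e in exclude):
                continue
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                db[rel] = hashlib.sha256(fh.read()).hexdigest()
    return db

def compare(baseline, current):
    """Report paths added, removed or changed since the baseline was taken."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def write(root, rel, data):
    """Create or overwrite a file in the constructed sample tree."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(data)

def demo(exclude=()):
    """Build a constructed tree, baseline it, alter it, return the report."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/fw.rules", "-A INPUT -j DROP\n")
        write(root, "var/log/messages", "boot\n")
        # In practice the baseline is kept on read-only media, off the host.
        baseline = snapshot(root, exclude)
        write(root, "var/log/messages", "boot\nlogin\n")     # normal churn
        write(root, "etc/fw.rules", "-A INPUT -j ACCEPT\n")  # unexpected edit
        write(root, "sbin/extra", "new binary\n")            # unexpected file
        return compare(baseline, snapshot(root, exclude))

if __name__ == "__main__":
    print(demo())
    print(demo(exclude=("var/log",)))
```

Excluding a subtree trades visibility for a shorter report, so changes under the excluded path are no longer detected at all.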