This topic is actually a pretty large one. The Software Engineering Research Laboratory at the University of Colorado created a platform based on their Siena project to make an event notification scheme available, but it was the agents that detected it that were very specific to each system. And since every OS is different, it's not likely that there's a one-stop answer.

Tripwire is certainly one point to look at, but the messages, particularly on a large file system, will be numerous, and you'll need to create a filter to find specific events. Also, you can write a couple of shell scripts, which I was planning on doing myself, to look at /var/log/messages, /var/log/maillog and the related FTP and HTTP log files to check on activities that are questionable. For example, you can do quick greps for "authentication failure" messages.

I'm sure there are probably packages out there that are more robust, and you might try checking some of the internet security sites for ideas and toolkits.

-Bob

> hi, I need to set up an intrusion detection system, where I can see
> user activities like failed attempts, files modified by the user etc. I
> was thinking of TRIPWIRE but it only checks file integrity, not the
> user attempts.
>
> Any comments
>
> Asif
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
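
The quick grep for "authentication failure" messages suggested in the reply above can be turned into a filter that groups failures by source host and account. This is an added example, not part of the original message; the function names `sample_log` and `auth_failures` are hypothetical, the log lines are constructed, and the pam_unix line layout is an assumption about what your /var/log/messages contains.

```shell
#!/bin/sh
# Added example: count PAM "authentication failure" syslog lines per source/user.

# Constructed sample lines in the pam_unix style (assumed format, not real data).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 web1 sshd(pam_unix)[2101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Mar  3 10:15:04 web1 sshd(pam_unix)[2101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Mar  3 10:15:09 web1 sshd(pam_unix)[2104]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Mar  3 10:16:00 web1 sshd[2110]: Accepted password for carol from 192.0.2.20 port 4022 ssh2
Mar  3 10:17:12 web1 sshd(pam_unix)[2120]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.7
Mar  3 10:18:30 web1 login(pam_unix)[900]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=alice
Mar  3 10:19:45 web1 vsftpd(pam_unix)[3001]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=198.51.100.7  user=ftp
EOF
}

# auth_failures THRESHOLD [FILE...]
# Prints "count rhost user" for every source/user pair with at least THRESHOLD
# failures, busiest first. Reads stdin when no FILE is given.
auth_failures() {
    threshold=$1; shift
    awk -v min="$threshold" '
        /authentication failure/ {
            # Local logins have an empty rhost=, and pam_unix omits user=
            # for accounts that do not exist; report both as "-".
            rhost = "-"; user = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^rhost=./)     rhost = substr($i, 7)
                else if ($i ~ /^user=./) user  = substr($i, 6)
            }
            count[rhost " " user]++
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k
        }' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample; on a real host use for example:
#   auth_failures 5 /var/log/messages
sample_log | auth_failures 1
```

Raising the threshold keeps the report short on a busy host, which addresses the volume problem mentioned for Tripwire output as well.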