David Tonhofer wrote:
> Hello sysadmins,
>
> In order to lock down my little system I wanted to invest some time/money
> into a program that keeps a snapshot of the state of the filesystem, i.e.
> file names, file attributes and hashes.
>
> I have used "Tripwire" in the 90's and early 00's with some good results
> (but had some problems with its configuration) but then abandoned it as it
> was no longer packaged with Red Hat above 8 I think (?).
>
> Anyway, I wanted to look at "radmind" - does anyone have any particular
> notable points on it? Are these filesystem-snapshot approaches still
> current or are there new approaches (an enforcing SELinux or kernel
> modules collecting information at runtime come to mind).
>
> Best regards,
>
> -- David

Well, here's my tidbit. Take a look at OSSEC. It has similar functionality to Tripwire (to a point) and is totally open source. You can write your own rules for monitoring things and it has an 'active response' module that will automatically block ssh attacks per IP address for a fixed period of time, etc.

I use it on my systems and I haven't had any trouble out of it. It's maybe not all you need, but it might be a good start.

http://www.ossec.net

--
Recedite, plebes! Gero rem imperialem!

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support