System cracked, a story
Lars Kellogg-Stedman
lars at larsshack.org
Mon May 26 09:38:39 EDT 2003
On Mon, 2003-05-26 at 09:21, miah wrote:
> ugh, tripwire *laugh*
>
> You should all really look at samhain
I'm not disagreeing with you -- I haven't actually looked at samhain in
years, so I don't know how it looks these days -- but that was an
awfully dismissive email without any substance to it.
What does Samhain do that Tripwire doesn't? I'd be interested in a
review, because I'll shortly be putting together a new system
configuration for all the systems I support, and I'm going to need some
form of filesystem integrity checker.
And while we're on the topic, I'd encourage folks to take a look at
Radmind, from the nice folks at umich.edu. In some ways it takes
tripwire one step further -- if it discovers files that have changed, it
will replace them with originals stored on a server. Also very useful
for file distribution.
Radmind is certainly not as full-featured as tripwire as far as checking
files goes, but the tools are simple enough that I've found them useful
in shell scripts for doing things like automatically creating Solaris
package prototype files for perl modules installs.
-- Lars
More information about the Discuss
mailing list