On Wednesday, 18 January 2006 16:24, Johnson, Maurice E CTR NSWCDL-K74 wrote to me:
> A good host based IDS (file integrity monitoring system) would
> record any system level changes made.

No such IDS records any changes in *file systems* if the running software has no access to root privileges. That is an important difference.

> It should be fairly trivial to
> start off with a sterile environment prior to running your CSA and
> inspecting the environment afterwards.
>
> Try Tripwire or AID.

This is not a good idea because this IDS cannot monitor all system activities. The only reliable way to monitor all activities is to run this software in a sandbox.

Best Regards

Oli

--
gentoo-security@gentoo.org mailing list