Stephen,
I've been using tripwire on my system for years now. It's kind of
like having a fire extinguisher in your kitchen; you hope you never
have to use it, but you're glad it's there if you have a problem.
Tripwire is an Intrusion Detection System (IDS) that builds a database
of your (new, clean, never been on the network) system and then checks
that database every morning and compares it against any changes. It's
highly configurable and can be used as a second line of defense
against crackers in addition to giving you some idea of what went
wrong if you intall something that screws up your system. If you have
a lot of systems to manage, it will let you know if a user changes
something important.
It is best to start out with a freshly installed system that has never
been on the network, but if you are 100% confident that the system has
never been cracked, it's probably okay to install it later.
There are two configuration files that are created and encrypted from
text files: twpol.txt is the policy file for your network and
twcfg.txt is the basic configuration for the system. Look in
/etc/tripwire for them. The encrypted database and reports are in
/var/lib/tripwire.
Regards,
Gregg
>>>>> "Stephen" == Stephen Spalding <[EMAIL PROTECTED]> writes:
> The root user on my Linux hosts get an email message daily that
> reads: /etc/cron.daily/tripwire-check: **** Error: Tripwire
> database for slin01dx not found. **** **** Run
> /etc/tripwire/twinstall.sh and/or tripwire --init. ****
> The man page describes tripwire as "a file integrity checker for
> UNIX systems". Does anyone use this or have any recommendations
> on it?
> Thanks!
> -Stephen Spalding
> _________________________________________________________________
> Send and receive Hotmail on your mobile device:
> http://mobile.msn.com
========================================================================
Talking with you is sort of the conversational equivalent of an out of
body experience. -- Bill Watterson, Calvin & Hobbes
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
