Maintaining Tripwire Sucks


So, I'm still running Tripwire 2.3.1.2 (hmm.. isn't 2.4.1.2 out now?) on Argo. You know what? Maintaining it sucks.

I hear samhain is the uber-cool IDS of the day (that actually has database signing using gpg, unlike aide), but then I need to learn another IDS.

I have this RPM database; isn't there some script that can use that to verify things aren't evil? Something that checks binaries and stuff using the database, and then looks for directories and files that shouldn't exist at certain places?

What else do people use for an IDS? Or is an IDS just a tool of days gone by, and should I just learn to live in the days where no one uses an IDS to make sure their box is 0wnz3d?


http://www.digitalprognosis.com/opensource/scripts/restoreperms

I wrote a script that will fix ownership and permissions on files that change using the rpm -V option. You might be able to use it as a starting point to get an idea of the various things to query with rpm --querytags.

Where I work, we have a Samhain / yule setup and it is pretty nice.
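
An added example, not part of the original post or comment and not the restoreperms script linked above: a Python sketch that parses `rpm -Va` output and ranks each deviation from the RPM database, which is the "check binaries using the database" idea the post asks about. The sample output is constructed, and the names `triage`, `severity` and `BIN_DIRS` and the ranking rules are assumptions made for illustration.

```python
import re
import sys

# Constructed sample of `rpm -Va` output (illustrative, not from a real host).
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
.M.......    /var/log/journal
S.5....T.    /usr/bin/ssh
missing      /usr/share/doc/foo/README
.......T.  d /usr/share/doc/bar/NEWS
..5......    /usr/sbin/sshd
.....UG..    /usr/bin/passwd
"""

# Meaning of each character rpm prints when an attribute differs from the database.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
# Attribute string (or "missing"), optional file-type marker, absolute path.
LINE = re.compile(r"^(missing|[A-Za-z0-9.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
# Assumption: locations where a changed packaged file deserves immediate attention.
BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib", "/usr/lib")

def severity(path, ftype, changed):
    if ftype == "c":
        return "review"          # config files are expected to be edited
    if ftype in ("d", "g", "l", "r") or changed == ["mtime"]:
        return "low"             # docs, ghosts, licences, or timestamp-only drift
    if path.startswith(BIN_DIRS):
        return "high"            # packaged binary or library differs from the database
    return "medium"

def triage(output):
    findings = []
    for line in output.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue             # skip dependency messages and other noise
        attrs, ftype, path = m.groups()
        changed = ["missing"] if attrs == "missing" else [FLAGS[c] for c in attrs if c in FLAGS]
        findings.append({"path": path, "changed": changed,
                         "severity": severity(path, ftype, changed)})
    order = {"high": 0, "medium": 1, "review": 2, "low": 3}
    return sorted(findings, key=lambda f: order[f["severity"]])

if __name__ == "__main__":
    # Usage: rpm -Va | python3 rpm_triage.py   (uses the sample when run on a terminal)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for f in triage(text):
        print(f'{f["severity"]:<7} {f["path"]}  ({", ".join(f["changed"])})')
```

The RPM database sits on the host being checked, so the result is only as trustworthy as that database and the rpm binary itself. It also says nothing about files that no package owns.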
