[Snort-users] Intrusion S/W detection tools?
darden at ...710...
Wed Mar 21 11:14:14 EST 2001
RPM for some Linux distributions. Run it from a CD. Other package
managers will do it as well.
Tripwire is good for any Unix, and NT. Checks for file manipulations,
dates, times, content, etc. Encrypts file details in a database so they
can't be manipulated by a hacker.
Nannie is a good open source tool.
--Patrick Darden Internetworking Manager
-- 706.354.3312 darden at ...710...
-- Athens Regional Medical Center
On Wed, 21 Mar 2001 SWilcoxon at ...1386... wrote:
> A little off the subject, but I feel it's related to IDS in general so this
> could be a helpful group.
> Are there any Open or Closed source tools for detecting that intruders have
> installed compromised tools, backdoors, etc on a Linux system? I know that
> many Virus Scanners can do this for files that are considered in that
> category by the developers, but do they really cover the other tools a
> Hacker may install on a System?
> No, I'm not trying to sanitize a system. I was just thinking that would be a
> good tool for people who may not have taken the proper safeguards for
> detecting binaries changing or files being added.
> swilcoxon at ...1386...
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users