[Snort-users] Intrusion S/W detection tools?

shawn . moyer shawn at ...1184...
Wed Mar 21 11:20:42 EST 2001


SWilcoxon at ...1386... wrote:

> Are there any Open or Closed source tools for detecting that intruders
> have installed compromised tools, backdoors, etc on a
> Linux^H^H^H^H^HUnix system?

Not Linux-specific, but there are lots of integrity-checking tools that
should provide what you need. Tripwire (funky licensing) and AIDE (GPL)
are two of the more frequently-used. 

This should get you started:

http://freshmeat.net/search/?q=tripwire

Basically with an integrity-checker you create a database of checksums
for all files on the system (via any number of algorithms, MD5, SHA-1,
Blowfish, what-have-you) just after installing the system, then run
periodic checks to see if files' sizes, permissions, inodes, etc. have
changed.





--shawn 

-- 

s h a w n   m o y e r
shawn at ...1184...


The universe did not invent justice; man did.
Unfortunately, man must reside in the universe.

                                        -- Zelazny
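
The baseline-then-recheck procedure described in the message above, as an added example that is not part of the original post and is not Tripwire's or AIDE's code. It assumes SHA-256 as the digest (the post names MD5 and SHA-1); the function names and the constructed sample files are hypothetical.

```python
import hashlib
import os
import pathlib
import stat
import tempfile

def snapshot(root):
    """Record digest, size, mode and inode for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are skipped here
            h = hashlib.sha256()  # assumption: SHA-256 rather than MD5/SHA-1
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            db[os.path.relpath(path, root)] = dict(
                sha256=h.hexdigest(), size=st.st_size,
                mode=stat.S_IMODE(st.st_mode), inode=st.st_ino)
    return db

def compare(baseline, current):
    """Return (path, finding) pairs: 'added', 'removed', or the changed fields."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings.append((path, "added" if old is None else "removed"))
        elif old != new:
            changed = [k for k in sorted(old) if old[k] != new[k]]
            findings.append((path, ",".join(changed)))
    return findings

def demo():
    """Constructed sample tree: baseline it, alter it, then re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        (root / "ls").write_bytes(b"original ls")
        (root / "ps").write_bytes(b"original ps")
        os.chmod(root / "ps", 0o755)
        baseline = snapshot(root)
        (root / "ls").write_bytes(b"modified ls")  # same size, new content
        os.chmod(root / "ps", 0o777)               # permissions changed
        (root / "extra").write_bytes(b"x")         # not in the baseline
        return compare(baseline, snapshot(root))
```

Calling `demo()` shows that the rewritten `ls` is caught only by its digest, since its size, mode and inode are unchanged. A real deployment keeps the baseline database where an intruder on the host cannot rewrite it, for example on read-only media.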



