On Mon, 2003-11-24 at 20:04, Wil Cooley wrote:
> On Mon, 2003-11-24 at 08:49, Karl DeBisschop wrote:
> > I personally gave up tripwire in favor of aide some time ago.
> >
> > Not that choice is bad, but it seemed worth mentioning. I thought I'd
> > read someplace that aide was slated to replace tripwire in FC, but maybe
> > that was my imagination.
>
> Oh man, have you looked at the code for AIDE?

I haven't. It's worked for me out of the box, so I haven't needed to. But I'll accept your judgment that it should be cleaner.

At the same time, I submit that the configuration of tripwire is too messy.

My example: Since I run postgresql on several servers, files are routinely created and changed by DBMS users. In aide, a one line config switch excludes the DBMS data directory from the file scan. For tripwire, part of the discussion today was about creating add-on utilities that help the sysadmin exclude files that should not be checked.

Tripwire may fit some needs, but since I have to admin 20+ servers and desktops in something like 5 hours per week. With user-friendly tools like aide and logwatch, I can be a little proactive about security within those constraints. If I have to set up tripwire for each of those boxes, I don't think I can do it in that time frame.

So I ask:

1) Am I missing something that would make tripwire configurable for a basic setup in a 10-minute time frame?

2) If I am not, is there an alternative to both aide and tripwire that has clean code _and_ is more manageable than tripwire?

3) If there is no such alternative, what do you suggest Fedora _should_ use in this role?

4) If your answer to above is open-source tripwire plus some code changes and add-ons, can I assume that you have also audited the tripwire code and found it to be substantially cleaner than aide?

(Reading the above, ISTM these questions are rather direct and could be antagonistic. That is not my intent - it just seems they are the questions that need to be answered to decide on an integrity-checking app for Fedora. So please don't read hostility into their directness - none is intended)

--
Karl DeBisschop <kdebisschop alert infoplease com>