[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Security - intern] [linux-security] Re: You got some 'splaininn to do Lucy ;-)

From: Andreas Siegert <afx suse de>
To: security suse de
Cc: linux-security redhat com
Subject: Re: [Security - intern] [linux-security] Re: You got some 'splaininn to do Lucy ;-)
Date: Sun, 1 Aug 1999 11:42:01 +0200

Quoting Crispin Cowan (crispin cse ogi edu) on Sat, Jul 31, 1999 at 01:28:29AM +0000:

> While it is true that you need *some* kind of host-based intrusion
> detection to know that your host has been secure, it is not true
> that you need Orange Book Auditing[tm] to do intrusion detection.
> Counter-example: if you used Tripwire to periodically check the
> integrity of your host, then you could detect intrusions without
> Orange Book style auditing.

If you want to do it in real time, you need system call auditing. Tripwire can 
do only after the fact checks (sure better than nothing!).

cheers
afx

[mod: Trimmed the quoting a bit. -- REW]

-- 
SuSE Muenchen GmbH                Phone: +49-89-42769-0
Stahlgruberring 28                Fax:   +49-89-42017701
D-81829 Muenchen, Germany
                      May the Source be with you!

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]