System Integrity Checkers

  • IDS: Host-based (Tripwire) and network-based (Snort).
  • Tripwire (system integrity scanner). Creates a checksum of the system after a fresh installation and verifies it on a regular basis, run through cron.
    Replacements for Tripwire:
    AIDE: ftp://ftp.linux.hr/pub/aide
    Samhain: www.la-samhna.de/samhain.index.html
    Gog&Magog: www.multimania.com/cparisel/gog
    Sentinel: http://zurk.sourceforge.net/zfile.html
    SuSEauditdisk: www.suse.de/~marc/

    GNU tar, tar -d (check for system modifications)

    For example,
    tar -df DOC.tar DOC
    
    shows how files in directory DOC are different from the archive:
    Uid differs
    Gid differs
    Mod time differs
    Size differs
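
The checksum-baseline approach described for Tripwire, as an added example that is not part of the original page or of any of the tools listed: it records SHA-256, mode, uid, gid and size for a constructed sample tree, then reports deviations in the style of the tar -d output above. The file names and the functions `snapshot`, `compare` and `demo` are assumptions made for illustration.

```python
import hashlib, os, stat, tempfile

FIELDS = ("sha256", "mode", "uid", "gid", "size")

def snapshot(root):
    """Map each regular file under root to its checksum and ownership metadata."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            db[os.path.relpath(path, root)] = dict(zip(FIELDS, (
                digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, st.st_size)))
    return db

def compare(baseline, current):
    """Return sorted (path, finding) pairs for every deviation from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "removed"))
        elif path not in baseline:
            findings.append((path, "added"))
        else:
            findings += [(path, f + " differs") for f in FIELDS
                         if baseline[path][f] != current[path][f]]
    return findings

def demo():
    """Constructed sample tree: baseline it, tamper with it, and report."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mode=0o644):
            p = os.path.join(root, name)
            with open(p, "wb") as f:
                f.write(data)
            os.chmod(p, mode)
        write("passwd", b"root:x:0:0\n")
        write("motd", b"welcome\n")
        write("sshd_config", b"PermitRootLogin no\n")
        baseline = snapshot(root)                      # taken right after "installation"
        write("passwd", b"toor:x:0:0\n")               # same size, new content
        os.chmod(os.path.join(root, "motd"), 0o666)    # permission change
        os.remove(os.path.join(root, "sshd_config"))   # file deleted
        write("new.sh", b"#!/bin/sh\n", 0o755)         # file added
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

For scheduled use, the baseline returned by `snapshot` should be stored where the monitored host cannot rewrite it, and `compare` run against it from cron.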

    Services and system availability monitoring

    Centralized system monitoring with Nagios