[linux-elitists] Intrusion Detection/File System Scanner.

billy@damaged-world.net billy@damaged-world.net
Fri Jun 6 15:11:07 PDT 2003

Probably not the most on-topic question for this list, but I'm looking
for a piece of software that behaves a certain way, and I'm not finding

Now, I'm not the brightest spark in the engine, so I always assume that
if I can figure something out, then other people can as well, and if I
think that the best way to do something is <x>, then either <x> has been
done, or people brighter than I have looked at the problem and figured
out where I was wrong. 

I'm hoping someone here can tell me which of those is the case for this. 

What I'm looking for is a file system scanner à la tripwire/aide that is
designed for use on a large network--one that does the scanning locally,
but offloads the checking and notification to a remote (presumably more
secure) host.

In other words I have a "client" that scans the local filesystem, builds
a [database table] of filename, stat info and hashes, then hands it off
to the "server" to store and compare against previous versions. 

I'm familiar (a little) with Samhain, but it's not really what I'm
looking for. 

Any other packages I should be aware of before I dust off the C books
and start learning how to write secure code in C? 

"d00d! When the CHINESE COMMUNIST PARTY thinks their privacy invasion
has bad publicity repercussions, you might want to think twice about
issuing a press release.", Mr Bad talking about 
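
The client/server split asked about above, as an added example that is not part of the original message and not taken from tripwire, aide or Samhain: scan() is the client half (filename, stat info, hash), compare() is the half that would run on the remote host against the stored copy. The function names, the JSON hand-off format and the sample files are assumptions; transport and authentication of the hand-off are left out.

```python
import hashlib, json, os, stat, tempfile

def scan(root):
    """Client side: map each relative path to its stat info and SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink itself, not its target
            rec = {"mode": st.st_mode, "uid": st.st_uid, "gid": st.st_gid,
                   "size": st.st_size, "mtime": int(st.st_mtime)}
            if stat.S_ISREG(st.st_mode):  # hash regular files only
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                rec["sha256"] = digest.hexdigest()
            manifest[os.path.relpath(full, root)] = rec
    return manifest

def compare(baseline, current):
    """Server side: diff the stored manifest against a freshly received one."""
    changed = {}
    for path in baseline.keys() & current.keys():
        old, new = baseline[path], current[path]
        fields = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
        if fields:
            changed[path] = fields  # which attributes differ, for the notification
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": changed}

def demo():
    """Constructed sample tree: one edit, one chmod, one delete, one new file."""
    with tempfile.TemporaryDirectory() as root:
        paths = {n: os.path.join(root, n) for n in ("sshd_config", "motd", "old.log")}
        for p in paths.values():
            with open(p, "wb") as fh:
                fh.write(b"PermitRootLogin no\n")
            os.chmod(p, 0o644)
        stored = json.dumps(scan(root))  # what the client hands to the server
        with open(paths["sshd_config"], "wb") as fh:
            fh.write(b"PermitRootLogin yes\n")  # content change
        os.chmod(paths["motd"], 0o666)  # permission change only
        os.remove(paths["old.log"])
        with open(os.path.join(root, "new.bin"), "wb") as fh:
            fh.write(b"\x00")
        return compare(json.loads(stored), scan(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because the baseline lives only on the remote host, a change made on the scanned machine cannot also rewrite the record it is compared against; the scanner binary on the client still has to be trusted to report honestly.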

