Re: [suse-security] Tripwire vs rootkit Hunter
Yes, Tripwire looks to be more necessary :)
----- Original Message -----
Sent: Monday, September 13, 2004 5:59 PM
Subject: Re: [suse-security] Tripwire vs rootkit Hunter
> Quoting John <isofroni@xxxxxxxxx>:
> > Which is best?
> > Has anyone tried both these tools?
> As far as I'm aware, these are two completely different tools that do
> different things.
> Tripwire is an intrusion detection system. It lets you know when
> changed your files. Assuming you hadn't done it yourself, you know
> Rootkit Hunter, as its name implies, scans your computer for known
> someone may have left there.
> Tripwire has the advantage of letting you know what files have changed,
> thus detect all rootkits, not just known ones. On the downside, it
> more effort to keep its DB up to date. You'll have to run it after every
> security update. Rootkit Hunter will also find rootkits that have been
> but not yet activated. For instance, if one of your users puts a rootkit
> their home directory, tripwire wouldn't alert you until it's activated.
> Consider it in terms of building security, tripwire is just like a
> anyone breaking in sets it off. Rootkit Hunter is like a security guard,
> has a chance of seeing the undesirable before the actual break-in, but has
> already know what the thief looks like.
> Personally, I prefer tripwire.
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
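
The contrast drawn in the quoted message, as an added example (not part of the original thread, and not how either tool is implemented): a hash-baseline check over monitored system paths beside a known-signature scan. The directory layout, file contents and signature list are constructed, and monitoring only system paths is an assumption.

```python
import hashlib, os, tempfile

# Constructed signature list: the hash of a made-up "known rootkit" sample.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-rootkit-sample").hexdigest()}

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def walk(root):
    for d, _, files in os.walk(root):
        for name in files:
            yield os.path.join(d, name)

def baseline(roots):
    """Integrity database: path -> hash for every file under the monitored roots."""
    return {p: sha256(p) for r in roots for p in walk(r)}

def integrity_check(db, roots):
    """Files changed, added or removed since the baseline was taken."""
    now = baseline(roots)
    return sorted(p for p in db.keys() | now.keys() if db.get(p) != now.get(p))

def signature_scan(root):
    """Files whose hash matches a known-bad signature."""
    return sorted(p for p in walk(root) if sha256(p) in KNOWN_BAD)

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as top:
        sbin, home = os.path.join(top, "sbin"), os.path.join(top, "home")
        os.makedirs(sbin); os.makedirs(home)
        write(os.path.join(sbin, "ls"), b"original ls")
        db = baseline([sbin])                      # assumption: only system paths are monitored
        rel = lambda paths: [os.path.relpath(p, top) for p in paths]
        # Case 1: known rootkit archive left in a home directory, not yet activated.
        write(os.path.join(home, "kit.tgz"), b"constructed-known-rootkit-sample")
        dormant = (rel(integrity_check(db, [sbin])), rel(signature_scan(top)))
        # Case 2: a system binary replaced with something no signature list knows.
        write(os.path.join(sbin, "ls"), b"unknown trojaned ls")
        active = (rel(integrity_check(db, [sbin])), rel(signature_scan(sbin)))
        return dormant, active

if __name__ == "__main__":
    print(demo())
```

Each pair returned by `demo()` is (integrity alerts, signature hits): the dormant archive is seen only by the signature scan, and the replaced binary only by the integrity check.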