[2192] in linux-security and linux-alert archive
[linux-security] Re: [Security - intern] Re: You got some 'splaininn to do Lucy ;-)
daemon@ATHENA.MIT.EDU (Andreas Siegert)
Mon Aug 2 02:42:09 1999
Date: Sun, 1 Aug 1999 11:42:01 +0200
From: Andreas Siegert <afx@suse.de>
To: security@suse.de
Cc: linux-security@redhat.com
Mail-Followup-To: security@suse.de, linux-security@redhat.com
In-Reply-To: <37A2513D.87A23258@cse.ogi.edu>; from "Crispin Cowan" on Sat, Jul 31, 1999 at 01:28:29AM +0000
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Quoting Crispin Cowan (crispin@cse.ogi.edu) on Sat, Jul 31, 1999 at 01:28:29AM +0000:
> While it is true that you need *some* kind of host-based intrusion
> detection to know that your host has been secure, it is not true
> that you need Orange Book Auditing[tm] to do intrusion detection.
> Counter-example: if you used Tripwire to periodically check the
> integrity of your host, then you could detect intrusions without
> Orange Book style auditing.
If you want to do it in real time, you need system call auditing. Tripwire can
do only after-the-fact checks (sure, better than nothing!).
cheers
afx
[mod: Trimmed the quoting a bit. -- REW]
--
SuSE Muenchen GmbH Phone: +49-89-42769-0
Stahlgruberring 28 Fax: +49-89-42017701
D-81829 Muenchen, Germany
May the Source be with you!