[730] in Intrusion Detection Systems
No subject found in mail header
daemon@ATHENA.MIT.EDU (owner-ids@uow.edu.au)
Mon Sep 2 09:08:44 1996
Date: Mon, 2 Sep 1996 18:28:46 +1000 (EST)
From: owner-ids@uow.edu.au
In-Reply-To: <199608211335.JAA27376@phoenix.iss.net>
Apparently-To: <ids-redist@mit.edu>
Apparently-To: <Daniel_Bromberg@mit.edu>
Date: Mon, 26 Aug 1996 07:41:06 -0500
To: ids@uow.edu.au
From: Gene Spafford <spaf@cs.purdue.edu>
Subject: Re: S3
Cc: Mark_W_Loveless@smtp.bnr.com
Sender: owner-ids
Precedence: bulk
Reply-To: ids
At 8:35 AM -0500 8/21/96, Christopher Klaus wrote in "S3":
[Various things about S3 compared to Tripwire, with all the apparent
advantages accruing to S3.]
Tripwire, however, watches for more than simply changes to files. It also
checks for changes to access times, permissions, owners, and other changes.
It monitors for additions or deletions of files in the watch list of
directories. It monitors change to any arbitrary file or directory or
device, user-defined or system level, rather than simply known system files.
Tripwire also provides several different "signatures" for files rather than
MD5, which may have some theoretical weakness. It can even include a
cryptographic checksum, if you so desire.
Thus, S3 and Tripwire each do things the other does not.
Two more features for Tripwire: you get source code, and it is free for
non-commercial use.
--spaf
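
The kind of check described in the message above, as an added example that is not part of the original message and is not Tripwire's code: a baseline of a directory tree that records permissions, owner, group, size and two digests per file, then reports additions, deletions and which attributes changed. The function names, the digest pair and the sample tree are assumptions made for illustration; timestamps are left out so the result is deterministic.

```python
import hashlib, os, stat, tempfile

DIGESTS = ("sha256", "blake2b")  # assumption: two unrelated digests per file

def snapshot(root):
    """Map every path under root (relative) to its metadata and digests."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: record a symlink itself, not its target
            rec = {"type": stat.S_IFMT(st.st_mode), "mode": stat.S_IMODE(st.st_mode),
                   "uid": st.st_uid, "gid": st.st_gid}
            if stat.S_ISREG(st.st_mode):
                rec["size"] = st.st_size
                with open(path, "rb") as f:
                    data = f.read()
                for alg in DIGESTS:
                    rec[alg] = hashlib.new(alg, data).hexdigest()
            db[os.path.relpath(path, root)] = rec
    return db

def compare(old, new):
    """Return (added, removed, changed); changed maps path -> differing attributes."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {}
    for p in set(old) & set(new):
        keys = set(old[p]) | set(new[p])
        diff = sorted(k for k in keys if old[p].get(k) != new[p].get(k))
        if diff:
            changed[p] = diff
    return added, removed, changed

def demo():
    """Constructed tree: edit one file, chmod one, delete one, add one."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("passwd", b"root:x:0:0\n"), ("login", b"\x7fELF"),
                           ("motd", b"hi\n")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        os.chmod(os.path.join(root, "login"), 0o755)
        base = snapshot(root)
        with open(os.path.join(root, "passwd"), "ab") as f:
            f.write(b"extra:x:1001:1001\n")             # content change
        os.chmod(os.path.join(root, "login"), 0o777)    # permission-only change
        os.remove(os.path.join(root, "motd"))           # deletion
        open(os.path.join(root, "newfile"), "wb").close()  # addition
        return compare(base, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The permission change on `login` is reported even though its contents and digests are identical, which is the case a content-only checksum comparison misses.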