Forwarded from: Me <joeat_private> On Fri, Nov 09, 2001 at 02:54:32AM -0600, InfoSec News wrote: > Forwarded from: Ejovi B. Nuwere <ejoviat_private> > Cc: nicole.bellamyat_private [snip] > Or are you saying that it works on Linux? I'm confused. I suspect you > are too. Why did you not research the subject, if you had you would > have found tripwire (http://www.tripwire.org/) which has been around > and widely used for almost 10 years. > > What about quoting experts other then the company CEO? Either you've > been had, or need a refresher course in journlistic intergrity. > > Your friend, > ejovi On Fri, Nov 09, 2001 at 02:57:46AM -0600, InfoSec News wrote: > Forwarded from: security curmudgeon <jerichoat_private> > cc: nicole.bellamyat_private, errata submission <errataat_private> > > Unless there is more to it, this claim is completely wrong. > > Hell, one could argue that "syslog" matches this description since it > will log audit related events. [snip] I think there is more to it. This is not the same thing as tripwire or any other host based intrusion dection system. This is more like the security auditing system that you would find described in the rainbow books. You would find such an auditing system on a C2 trusted system or higher. This is something that has been woefully lacking on linux systems. We have had the mandatory access control lists. This auditing system goes hand in hand with MACs. http://www.fas.org/irp/nsa/rainbow/tg001.htm http://www.intersectalliance.com/projects/Snare/index.html joe -- Don't forget to feed your brainworms chocolate covered mothballs or the pigs will eat grandma on the farm. --paraphrased Joe Walsh from the Drew Carey allstar improv. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 07:46:09 PST