I'll soon be placing a couple OpenBSD systems in harm's way (connected
full-time to the Internet). I've never before paid much attention to
intrusion detection and such, but I'm more worried about it now.
At any rate, I've been considering three systems to help me monitor my
Internet-connected systems: OpenBSD's bundled mechanisms (mtree and the
/etc/security script), COPS, and Tripwire.
Except for maybe the Kuang expert system, it seems to me that COPS
doesn't do much more that OpenBSD's /etc/security script. It's also not
clear to me what (if any) extra features that Tripwire provides would be
worth spending cash on. It also doesn't help that Tripwire isn't
supported on the *BSDs either, though it might run under Linux
So should I just spend time with mtree, or investigate the other
packages? Any suggestions are welcome.
http://www.xnet.com/~ansible Rapture. Be Pure. - Blondie