List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Am Mittwoch, 18. Januar 2006 16:24 schrieb mir Johnson, Maurice E CTR
> A good host based IDS (file integrity monitoring system) would
> record any system level changes made.
No such IDS records any changes in *file systems* if the running
software has no access to root privileges. That is a important
> IT should be fairly trivial to
> start of with a sterile environment prior to running your CSA and
> inspecting the environment afterwards.
> Try Tripwire or AID.
This is not a good idea because this IDS cannot monitor all system
activities. The only reliable way to monitor all activities is to run
this software in a sandbox.
email@example.com mailing list