| 1 |
At 05:14 PM 12/15/2003 +0100, you wrote: |
| 2 |
>> I think I read that AIDE was running on the Gentoo rsync server that was |
| 3 |
>> comprised so running it does seem like good practice. |
| 4 |
|
| 5 |
>IDS means intrusion DETECTION system, not PREVENTION! It cannot prevent |
| 6 |
>you system from being compromized (but a good configuration and regular |
| 7 |
>critical updates can...) - they only help you to understand what |
| 8 |
>happened, e.g. which files have been altered by a rootkit. Same for the |
| 9 |
>NIDS like snort and prelude... |
| 10 |
|
| 11 |
>HTH |
| 12 |
> Florian Huber |
| 13 |
|
| 14 |
I understand its Detection, not Prevention. AIDE running on the rsync |
| 15 |
server helped the security folks understand what happened. Prevention |
| 16 |
would be a one inch gap. |
| 17 |
|
| 18 |
-Karl |
Archives