At 05:14 PM 12/15/2003 +0100, you wrote:
>> I think I read that AIDE was running on the Gentoo rsync server that was
>> compromised so running it does seem like good practice.

>IDS means intrusion DETECTION system, not PREVENTION! It cannot prevent
>your system from being compromised (but a good configuration and regular
>critical updates can...) - they only help you to understand what
>happened, e.g. which files have been altered by a rootkit. Same for the
>NIDS like snort and prelude...

>HTH
> Florian Huber

I understand it's Detection, not Prevention. AIDE running on the rsync
server helped the security folks understand what happened. Prevention
would be a one inch gap.

-Karl