Bugtraq mailing list archives

Re: syslog idea
From: jmb () kryten Atinc COM (Jonathan M. Bresler)
Date: Sat, 8 Oct 1994 23:59:18 -0400 (EDT)


On Fri, 7 Oct 1994, Fred Blonder wrote:

> ALWAYS (well, almost) changing, so if Tripwire raised the alarm on a
> logfile, your reaction should be: "So what?".  ;-)

        again, if you are checking only uid, gid, size increasing only,
etc., then "so what" is the wrong reaction.

> At the FIRST Conference in Boston a couple months ago, Gene Spafford
> spoke about Tripwire.  Someone in the audience asked about the
> possibility of improving Tripwire so that it could checkpoint
> logfiles.  Gene seemed to think this was a good idea, and said he'd
> consider it in a future version.

        that is a different idea than what i thought you said.  good
point.  rotating the logs and checking the older ones with a signature
approaches this.   it's a matter of granularity.  an in-place checkpoint
could occur much more frequently.

jmb

Jonathan M. Bresler  jmb () kryten atinc com    | Analysis & Technology, Inc.  
                                                | 2341 Jeff Davis Hwy
play go.                                        | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life      | 703-418-2800 x346
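
The in-place checkpoint discussed in the message above, as an added example that is not part of the original post and is not Tripwire code: it records uid, gid, size and a digest of the bytes written so far, then accepts only growth by appending. The function names, the SHA-256 digest and the sample log lines are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def checkpoint(path):
    """Record owner, size and a digest of the log's current contents."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read(st.st_size)).hexdigest()
    return {"uid": st.st_uid, "gid": st.st_gid,
            "size": st.st_size, "sha256": digest}

def verify(path, cp):
    """Return findings; an empty list means the log only grew by appending."""
    findings = []
    st = os.stat(path)
    if (st.st_uid, st.st_gid) != (cp["uid"], cp["gid"]):
        findings.append("owner changed")
    if st.st_size < cp["size"]:
        # A shrinking log can no longer contain the checkpointed bytes.
        findings.append("size decreased")
        return findings
    with open(path, "rb") as f:
        prefix = f.read(cp["size"])  # only the bytes covered by the checkpoint
    if hashlib.sha256(prefix).hexdigest() != cp["sha256"]:
        findings.append("checkpointed bytes modified")
    return findings

def demo():
    """Run three constructed scenarios against a temporary log file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "messages")
        with open(log, "wb") as f:  # constructed sample log line
            f.write(b"Oct  8 23:50:01 host su: root on ttyp0\n")
        cp = checkpoint(log)
        with open(log, "ab") as f:  # normal logging: append only
            f.write(b"Oct  8 23:51:12 host login: jdoe on ttyp1\n")
        results["append"] = verify(log, cp)
        with open(log, "r+b") as f:  # same-size edit of an old entry
            f.seek(20)
            f.write(b"xx")
        results["edit"] = verify(log, cp)
        with open(log, "wb") as f:  # log truncated and rewritten
            f.write(b"short\n")
        results["truncate"] = verify(log, cp)
    return results

if __name__ == "__main__":
    print(demo())
```

Taking a fresh checkpoint after each successful verify sets the granularity: the more often it runs, the smaller the window of entries not yet covered by a digest.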


