
Re: File Integrity Checkers [was: Apache WebServer on OpenBSD 3.1]



On Tue, Oct 15, 2002 at 12:00:05AM -0400, Christopher Kruslicky wrote:
> On Monday 14 October 2002 04:55 pm, Saad Kadhi wrote:
> > On Mon, Oct 14, 2002 at 01:28:56PM -0700, Richard P. Koett wrote:
> > > One of the most valuable things I get from this list is the
> > > occasional reference to some tool I haven't heard about
> > > before. Perhaps I am hopelessly out of the loop, but I had
> > > not heard of samhain before, and I'm very interested by
> > > it's client/server and authentication capabilities.
> > >
> > > I don't see it here, however:
> > > http://www.openbsd.org/cgi-bin/cvsweb/ports/
> > >
> ...
> >
> > samhain is not available as a port AFAIK but it compiles nicely on
> > OpenBSD (3.1-stable here). This tool is quite young so look carefully
> > at the docs/README and specially at ./configure --help :).
> >
> > HTH
> 
> I've never tried samhain but looking it up it does seem to have some 
> nice features, but can't compare.  
I've been using AIDE for quite some time now. I even tried porting 0.9 with my
poor dev skills, but it didn't compile out of the box and there was, here and
there, some Linux-related code. This, plus the fact that it doesn't check the
integrity 24/7, pushed me to look for another solution. samhain looks really
promising. I say promising because I've only had time to explore parts of its
functionality. The documentation is of rather poor quality (too much
information, too many cross-links, ...) and it looks more complicated to set up
than AIDE.

Among the features that interested me in this piece:
- daemon mode 
- sends signed emails 
- doesn't alert a thousand times about the same damn file whose perms have
  changed, but rather sends one message and keeps tracking the file for other
  changes
- can send events to a central samhain server
- several pre-configured policies
- monitors log in/out via utmp
- monitors suid/sgid files


> I have compiled Osiris v1.5 on OpenBSD and Solaris.  v2 is still under 
> development which is to include client/server management.  The current 
> version was easy to setup, has nice config syntax, etc. but did require 
> some extra scripting for notifications and detailed logging.  In case 
> it helps somebody out, here's a link:
> http://osiris.shmoo.com/
Thanks. I will have a look at it.

If somebody has some experience with samhain or another integrity checker and
is willing to share...

-- 
Saad Kadhi -- [saad_(_at_)_docisland_(_dot_)_org] [bsdguy_(_at_)_docisland_(_dot_)_org]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D]
---
"If what you say is neither beautiful, nor good, nor true, then keep quiet!"
							    - Socrates
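An added example, written for this thread and not taken from samhain, AIDE or Osiris, showing two of the behaviours listed above: "report a change once, then keep tracking the file" and flagging files that newly gain the suid/sgid bit. It is plain Python rather than the C these tools are written in, runs against a small file tree it builds itself in a temporary directory (the file names and contents are constructed for the demo), and keeps only mode, size and SHA-256 per file so that a bare `touch` does not alert:

```python
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# One record per regular file: (permission bits, size, sha256 hex digest).
# mtime is deliberately left out so that a bare `touch` does not alert.
Record = Tuple[int, int, str]


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> Dict[str, Record]:
    """Walk `root` and record mode, size and hash of every regular file."""
    db: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            rel = os.path.relpath(path, root)
            db[rel] = (stat.S_IMODE(st.st_mode), st.st_size, sha256_of(path))
    return db


def is_setid(mode: int) -> bool:
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))


def check(baseline: Dict[str, Record],
          current: Dict[str, Record]) -> Tuple[List[str], Dict[str, Record]]:
    """Diff `current` against `baseline` and return (alerts, new_baseline).

    Each change is reported exactly once: the returned baseline already
    reflects what was reported, so re-checking an unchanged tree is silent,
    while a further change to the same file is still caught next time.
    """
    alerts: List[str] = []
    updated = dict(baseline)
    for rel, rec in current.items():
        old = baseline.get(rel)
        if old is None:
            alerts.append(f"ADDED   {rel} mode={rec[0]:04o}")
        elif old != rec:
            what = []
            if old[0] != rec[0]:
                what.append(f"mode {old[0]:04o}->{rec[0]:04o}")
            if old[2] != rec[2]:
                what.append("content")
            alerts.append(f"CHANGED {rel} " + ", ".join(what))
        # A file that newly gained a set-id bit gets its own line: a fresh
        # suid/sgid binary deserves more than a generic "mode changed".
        if is_setid(rec[0]) and (old is None or not is_setid(old[0])):
            alerts.append(f"SETID   {rel} mode={rec[0]:04o}")
        updated[rel] = rec
    for rel in baseline:
        if rel not in current:
            alerts.append(f"REMOVED {rel}")
            del updated[rel]
    return alerts, updated


def demo() -> Tuple[List[str], List[str], List[str]]:
    """Constructed scenario: baseline, chmod u+s, re-check, content swap."""
    with tempfile.TemporaryDirectory() as root:
        ls = os.path.join(root, "bin", "ls")
        os.makedirs(os.path.dirname(ls))
        with open(ls, "wb") as f:
            f.write(b"original binary\n")
        with open(os.path.join(root, "rc.conf"), "wb") as f:
            f.write(b"sshd_flags=\n")
        base = snapshot(root)

        # 1. bin/ls becomes setuid: one CHANGED line plus one SETID line.
        os.chmod(ls, 0o4755)
        first, base = check(base, snapshot(root))

        # 2. Nothing changed since the report: the same file stays silent.
        second, base = check(base, snapshot(root))

        # 3. Same-size content swap on the file already reported in step 1.
        #    The mode is re-applied because an unprivileged write drops the
        #    set-id bits on common Unix kernels (assumption about the host).
        with open(ls, "wb") as f:
            f.write(b"trojaned binary\n")
        os.chmod(ls, 0o4755)
        third, base = check(base, snapshot(root))
        return first, second, third


if __name__ == "__main__":
    for stage in demo():
        print(stage or ["(no change)"])
```

Step 3 is the reason a hash belongs in the record: the replacement is the same size as the original, so size and mode alone would miss it. A real checker also has to protect the baseline itself (read-only media or a signature, which is what samhain's signed output is about); keeping it as a plain file next to the tree it describes only works for a demo.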



Visit your host, monkey.org