[aklug] Re: auditd VS tripwire

From: J D <donovanj@gmail.com>
Date: Thu Oct 28 2010 - 02:43:08 AKDT

On Wed, Oct 27, 2010 at 7:04 PM, Damien Hull <damien@linuxninjas.tv> wrote:
> What's the story on auditd?
> I was told to look at it. I already have tripwire. It looks to me like they
> do the same thing.

Tripwire will tell you if something was changed. But only if you run
the tools to check if things have changed... cron obviously makes this
trivial. But the 'when' it changed is sometime between the last check
that succeeded and the one that failed.

Auditd, if set up properly, will tell you when someone/some process has
attempted to do or successfully done things you want to log.

I see them as complementary security tools.

-J
Received on Thu Oct 28 02:43:37 2010
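
An added example, not part of the original post: it shows how the two tools complement each other by taking the window between a passing and a failing integrity check and listing the audited accesses to the changed file inside that window. The log records, the key names (passwd-watch, shadow-watch), the check times and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed records in the Linux audit log layout (not taken from the thread).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1288240000.101:410): syscall=2 success=yes exit=3 auid=0 uid=0 exe="/usr/sbin/useradd" key="passwd-watch"
type=PATH msg=audit(1288240000.101:410): item=0 name="/etc/passwd" inode=1234
type=SYSCALL msg=audit(1288262400.123:421): syscall=2 success=yes exit=3 auid=1000 uid=0 exe="/usr/bin/vi" key="passwd-watch"
type=PATH msg=audit(1288262400.123:421): item=0 name="/etc/passwd" inode=1234
type=SYSCALL msg=audit(1288300000.500:433): syscall=2 success=no exit=-13 auid=1001 uid=1001 exe="/usr/bin/vim" key="passwd-watch"
type=PATH msg=audit(1288300000.500:433): item=0 name="/etc/passwd" inode=1234
type=SYSCALL msg=audit(1288310000.000:440): syscall=2 success=yes exit=3 auid=1000 uid=0 exe="/usr/bin/vi" key="shadow-watch"
type=PATH msg=audit(1288310000.000:440): item=0 name="/etc/shadow" inode=1240
'''

MSG_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Merge records that share one audit(timestamp:serial) id into one event."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        msg = MSG_RE.search(line)
        if not msg:
            continue  # not an audit record
        event = events[msg.groups()]
        event["time"] = float(msg.group(1))
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        if fields.get("type") == "PATH":
            event["paths"].append(fields.get("name"))
        elif fields.get("type") == "SYSCALL":
            for name in ("auid", "uid", "exe", "success"):
                event[name] = fields.get(name)
    return list(events.values())

def accesses_in_window(log_text, path, last_good, first_bad):
    """Audited accesses to `path` between a passing and a failing integrity check."""
    hits = [e for e in parse_events(log_text)
            if path in e["paths"] and last_good < e["time"] <= first_bad]
    return sorted(hits, key=lambda e: e["time"])

if __name__ == "__main__":
    # Constructed check times: the integrity check passed at 1288250000
    # and failed at 1288336400 (epoch seconds).
    for e in accesses_in_window(SAMPLE_LOG, "/etc/passwd", 1288250000, 1288336400):
        print(e["time"], e.get("exe"), "auid=" + str(e.get("auid")),
              "success=" + str(e.get("success")))
```

The failed open (success=no) is reported alongside the successful one, which is the "attempted or successfully done" distinction that a periodic hash comparison cannot show.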
