[mdlug] Best Linux Security? Anyone use tripwire?

Carl T. Miller carl at carltm.com
Sun Jan 20 20:46:04 EST 2008


Robert Lippert wrote:
> What's the best security system?
> Note...I use Red Hat.

The best security is a sharp, attentive administrator.  Tripwire
is good for letting you know after the fact that files have changed.
It's more important that you don't run services you don't need, that
you maintain security patches, that you train your users well, have
a good firewall, and carefully review the configuration of services
and applications that you run.  My point being that tripwire and
similar programs are only a small part of overall security.

I have used tripwire in the past and found that it was more work
to configure and maintain than I cared for, especially since it
did nothing proactive to protect the server.  If you do want to
monitor changes, you might want to look for changes in processes
that are running as well as network connections that are made in
addition to changes in files.

I'm not sure which monitoring programs Red Hat recommends.  You
might want to look in the Red Hat system administration guide
to see what they support.

c
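
[Added example, not part of the original message.] The reply above suggests watching running processes and network connections as well as files. The sketch below takes a snapshot of all three and reports the differences. It assumes a Linux /proc filesystem and IPv4 only; the function names and the sample data are made up for illustration.

```python
import hashlib
import os

# Constructed sample of /proc/net/tcp (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000
   1: 00000000:0016 00000000:0000 0A 00000000:00000000
   2: 0A00000A:0016 0500000A:C350 01 00000000:00000000
"""

def parse_listeners(text):
    """Return 'ip:port' for every IPv4 socket in LISTEN state (st == 0A)."""
    found = set()
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Address is hex in host byte order (little-endian on x86): read bytes backwards.
        ip = ".".join(str(int(hex_ip[i:i + 2], 16)) for i in (6, 4, 2, 0))
        found.add(f"{ip}:{int(hex_port, 16)}")
    return found

def snapshot(paths):
    """Record file hashes, running command lines and listening sockets (Linux /proc)."""
    files = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                files[path] = hashlib.sha256(fh.read()).hexdigest()
        except OSError:
            files[path] = None                  # missing or unreadable
    procs = set()
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                procs.add(fh.read().replace(b"\0", b" ").strip().decode(errors="replace"))
        except OSError:
            pass                                # process exited while we were reading
    with open("/proc/net/tcp") as fh:
        return {"files": files, "procs": procs - {""}, "listeners": parse_listeners(fh.read())}

def diff(old, new):
    """List what changed between two snapshots, in a stable order."""
    report = [f"file changed: {p}" for p in sorted(set(old["files"]) | set(new["files"]))
              if old["files"].get(p) != new["files"].get(p)]
    for key in ("procs", "listeners"):
        report += [f"new in {key}: {x}" for x in sorted(new[key] - old[key])]
        report += [f"gone from {key}: {x}" for x in sorted(old[key] - new[key])]
    return report
```

Save the result of snapshot() while the system is in a known-good state, store it off the host, and compare later snapshots against it with diff().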




