The Second Commandment of system administration (NewsForge)
Each integrity checker is a little different, so do some research before deciding on one. There are many excellent integrity checking applications out there, but the one I recommend and prefer is called afick (Another File Integrity ChecKer). Afick offers several advantages over integrity checkers such as Tripwire and AIDE. The first and foremost difference is that afick is written in Perl, which gives it the advantage of speed. Afick finishes the initialization of the database that stores filesystem attributes almost a minute faster than AIDE. Being written in Perl also means that afick is highly portable between operating systems."
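A minimal sketch of the baseline-and-compare model that the excerpt above describes (a database of filesystem attributes, checked later against the live files). It is an added illustration, not code from afick, AIDE or Tripwire; the function names, the attribute set and the temporary sample tree are assumptions. `refresh` re-baselines only the files it is given, which is the selective update one commenter below asks for after package installs.

```python
import hashlib, os, stat, tempfile

def snapshot(path):
    """Attributes recorded per file; mtime is left out to keep the demo deterministic."""
    st = os.lstat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            "gid": st.st_gid, "size": st.st_size, "sha256": digest}

def build_baseline(root):
    """Walk root and return {relative path: attributes}; symlinks are skipped."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):
                db[os.path.relpath(full, root)] = snapshot(full)
    return db

def compare(root, db):
    """Report files added, removed, or changed (with the fields that differ)."""
    now = build_baseline(root)
    diffs = {rel: [k for k in db[rel] if db[rel][k] != now[rel][k]]
             for rel in sorted(set(now) & set(db))}
    return {"added": sorted(set(now) - set(db)), "removed": sorted(set(db) - set(now)),
            "changed": {rel: d for rel, d in diffs.items() if d}}

def refresh(root, db, rels):
    """Re-baseline only the named files, e.g. ones a package upgrade replaced."""
    for rel in rels:
        db[rel] = snapshot(os.path.join(root, rel))

def demo():
    with tempfile.TemporaryDirectory() as root:    # constructed sample tree
        for name in ("login", "ps"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"v1")
            os.chmod(os.path.join(root, name), 0o755)
        db = build_baseline(root)
        with open(os.path.join(root, "login"), "wb") as fh:
            fh.write(b"v2")                        # same size, new content
        os.chmod(os.path.join(root, "ps"), 0o777)  # permissions loosened
        open(os.path.join(root, "extra"), "wb").close()
        before = compare(root, db)
        refresh(root, db, ["login"])               # expected change accepted
        return before, compare(root, db)
```

The size-preserving rewrite of `login` is caught only by the hash, and the `ps` permission change only by the mode field, which is why checkers record both content and metadata.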
Posted May 3, 2005 4:28 UTC (Tue)
by mightyduck (guest, #23760)
[Link] (2 responses)
Posted May 4, 2005 0:46 UTC (Wed)
by bignose (subscriber, #40)
[Link] (1 responses)
The name "AIDE", I presume you mean?
> No way that's gonna fly in a Germany-based company.
An automatic translation tool just gives me back the word "aide", which is apparently a valid word in both German and English.
Don't keep us in suspense. What's wrong with "AIDE" in Germany?
Posted May 4, 2005 6:04 UTC (Wed)
by xoddam (guest, #2322)
[Link]
Posted May 3, 2005 6:06 UTC (Tue)
by evgeny (subscriber, #774)
[Link] (4 responses)
Perl gives "the advantage of speed"?! Granted, an algorithm can be implemented badly in C and then, compared to the corresponding Perl's _built-in_ version (written in C, of course) which has been tuned and polished for years, would be indeed inferior. But then this applies to any language-to-language comparison. Now I'll wait for someone to state that some utility is written in Java for the sake of performance...
Posted May 3, 2005 11:13 UTC (Tue)
by ncm (guest, #165)
[Link]
Posted May 3, 2005 12:29 UTC (Tue)
by clugstj (subscriber, #4020)
[Link] (2 responses)
Posted May 3, 2005 13:07 UTC (Tue)
by evgeny (subscriber, #774)
[Link] (1 responses)
In the sentence, it's compared to tripwire and aide. These are written in C.
Posted May 3, 2005 22:19 UTC (Tue)
by rickmoen (subscriber, #6943)
[Link]
> In the sentence, it's compared to tripwire and aide. These are written in C.
<pedantic>Technically, Tripwire's C++.</pedantic>
Rick Moen
Posted May 3, 2005 13:46 UTC (Tue)
by bkw1a (subscriber, #4101)
[Link] (1 responses)
Here's a link to some (out of date) documentation:
http://ayesha.phys.virginia.edu/~bryan/projects/famids/
It's sloppy, but it works well for me.
Posted May 3, 2005 14:01 UTC (Tue)
by evgeny (subscriber, #774)
[Link]
Well, you do want to notice when something changes; that's the point of the tool ;-). Seriously, these should be integrated with package management tools, so whenever I install something with e.g. apt-get, the aide database gets updated automatically (but only for files installed with apt, of course).
Posted May 3, 2005 20:43 UTC (Tue)
by crouchet (guest, #1084)
[Link]
While integrity checking is important I think there are several other practices that would have to come before it. Some examples might be:
Physically secure your system.
Just to name a few. Just think, if you had to CHOOSE whether to have passwords OR integrity checking but not both, which would you choose? This "what if" process makes the real priorities clear.
JC
Sorry, but they should have thought about the name. No way that's gonna
fly in a Germany-based company. The next thing they'll write will be
Another File Update ChecKer ;-)?
International issues
> Sorry, but they should have thought about the name.
International issues
'afick' is about as much a word in German as 'fsck' is in English.
Definitely not in the dictionary. So I don't see it being a problem.
> The first and foremost difference is that afick is written in Perl, which gives it the advantage of speed.
Perl
I laughed too. "Another advantage of Perl is that it is almost unmaintainable, and even entirely unchanged promises to stop working when the Perl interpreter or library installed is updated. This provides an opportunity for accelerated evaluation of alternative programs."
Perl
Well, if the others are written as shell scripts, then Perl does provide a speed advantage. It all depends upon what you compare it to.
Perl
> Well, if the others are written as shell scripts
Perl
evgeny wrote:
rick@linuxmafia.com
Another approach: file change notification
Around here, I use a script based on FAM to monitor a set of files for
changes. The files include things like /bin/login, /bin/ps, etc...
This approach has its pros and cons, but one big "pro" is that you can
set it and forget it. No need to rebuild a database whenever something
changes.
Another approach: file change notification
> No need to rebuild a database whenever something changes.
2nd Commandment, huh? Did I miss seeing the list? Is there a new (and apparently not too bright) security deity handing down commandments?
Protect your system with secure password access.
Don't allow other systems to connect to yours in an insecure way.
Don't run insecure software.
Don't operate as root/administrator.