----- Original Message ----- From: "Dan MacNeil" <[EMAIL PROTECTED]> To: <debian-isp@lists.debian.org> Sent: Sunday, June 22, 2003 3:24 AM Subject: review host based intrusion detection sytems
> Does anyone have opinions on them? > > We're setting up 3 new servers and I want to have an intrusion > detection database. > > Ease of use is much, much more important then perfect security. > > A while back we installed tripwire from tarball on one system but let it > get out of date. At another job, they had a homegrown system that is very > cumbersome,--lots and lots of false alarms and a pain to update. > Tripwire is fairly easy to use, but security will never be a one off thing, if you let your system get out of date then you will pay the bill
