tripwire vs. aide

ddaas · 05-26-2005, 10:33 AM

hi,
I have to install a new server computer and I don't know which is better Tripwire or AIDE?

I can’t say that I had nice experience with tripwire until now. I have never installed AIDE.

What do you think?
What do you prefer?

ddaas

iceman47 · 05-26-2005, 03:46 PM

Take your pick, I'll take aide anytime.

ddaas · 05-27-2005, 02:15 AM

Can you explain a little why?

iceman47 · 05-27-2005, 03:56 AM

I've used it for years, am very happy with it and does it's job faster than tripwire.
Tripwire supports signed databases but imo it's a bad idea to leave the db on the machine itself so
my aide db's get stored on an encrypted FS on another machine so I don't need tripwire's extended feature(s).

TruckStuff · 05-27-2005, 08:36 AM

I'll vote for tripwire for almost the exact same reasons.

Its easy to use once you get the hang of it. Its very secure compared to aide (encrypted DB, etc.). Plus I couldn't get aide to install the last time I was setting up a server. Let me rephrase: I couldn't get aide working. It installed then segfaulted everytime I tried to run it.

Atrocity · 06-01-2005, 01:58 PM

I am am also interested in using one of these tools on a hony pot I am building so any info suggestions or tutorial links would be helpfull

Ephracis · 06-01-2005, 05:44 PM

I first tried tripwire but as for TruckStuff (he could not get aide working), I could not get tripwire working. I would not even install, it broke at compile time and then I tried aide and it worked out fine. It is easy to set up and I am not sure if I will try tripwire anytime soon, since I have not seen any problems with aide yet.

ddaas · 06-02-2005, 03:02 AM

I have installed aide very easy and works just fine. Making Tripwire working took me a long time and a lot of nerves.
The configuration of tripwire is more difficult as the config of aide and not so clear.
The only advantage of tripwire is that it encrypts its database and config file.
I can do it by myself with gpg and a script with less that 5 lines and I get aide encrypted. Or I could take it offside/ro media.

So I vote for aide.

TruckStuff · 06-02-2005, 09:23 AM

Quote:

Originally posted by Ephracis
I first tried tripwire but as for TruckStuff (he could not get aide working), I could not get tripwire working. I would not even install, it broke at compile time and then I tried aide and it worked out fine.

Did you use the tripwire source from tripwire.org? That package hasn't been maintained very well and it breaks an almost every modern system. Paul Herman has taken up the tripwire source and adapted it to modern *nix systems. The package is called tripwire-portable and can be found here.

Ephracis · 06-02-2005, 10:07 AM

Thanks TruckStuff, I will check on that later. I do not know but guess it was from tripwire.org, I get almost all of my packages from freshmeat.net. :P

Atrocity · 06-02-2005, 01:31 PM

So I am guessing that aide is a better solution ?

Ephracis · 06-02-2005, 02:22 PM

Actually, this is like with distros: you can only know if you test them yourself.

Atrocity · 06-03-2005, 11:43 AM

HaHa sounds good, I will give that a try