LinuxQuestions.org
05-22-2018, 10:45 AM   #1
jbeiter
Member
 
Registered: Jul 2004
Posts: 103

Rep: Reputation: 15
Aide vs Tripwire on Redhat


I'm not sure if this is actually Red Hat specific but I know they tend to restrict versions through Red Hat Network so asking here.

I'm trying to compare the two to possibly migrate from Tripwire to Aide.

One big difference I see is that Aide does not show what user modified a particular file, while Tripwire does. Can anyone confirm this is a shortcoming of Aide or if I just don't have something configured right?

Thank you!
 
05-27-2018, 05:33 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,393
Blog Entries: 55

Rep: Reputation: 3565
Quote:
Originally Posted by jbeiter
I'm not sure if this is actually Red Hat specific but I know they tend to restrict versions through Red Hat Network so asking here.
Red Hat (the vendor) doesn't "restrict" software to a certain major or minor version but uses an Enterprise-oriented update scheme. With extensive quality control, selected backporting and regular Updates per major release it caters to those who are required to ensure customers a certain level of security, stability and continuity. *If you're running Red Hat Enterprise Linux (the product) for no apparent reason and you do have the time to manage it properly then maybe consider switching to CentOS, its de-branded, "free" spin-off which benefits from the same Q/A?


Quote:
Originally Posted by jbeiter
One big difference I see is that Aide does not show what user modified a particular file, while Tripwire does. Can anyone confirm this is a shortcoming of Aide or if I just don't have something configured right?
I think the major shortcoming of tripwire is it's not being updated if I look at https://sourceforge.net/projects/tripwire/ ? As far as I'm aware tripwire is a commercially-licensed product and AIDE is not. AIDE is a passive checker (run from CLI or job scheduler) and I think tripwire is too. If both are then I wonder how a HIDS would record which user modified which file as that would require a continuous scanning of kernel data (aka a daemon process) or plugging in to say the auditd service?..

If you're looking for a host-based integrity checker then I would suggest you also look into Samhain (la-samhna.de/samhain/). Quick comparison of tripwire/AIDE vs Samhain:
- Daemon vs cron jobbed task,
- Can use inotify,
- Can be centrally managed (server - client paradigm),
- Can encrypt config and database,
- Can obfuscate own process argv[0],
- much, much more: please check documentation.

*Do note I'm not aware of Samhain being in any repo I would trust, but depending on the number of servers involved, your skill set, available time for building packages and preferred software update methods it really isn't hard to use say the SuSE RPM spec and build (and maintain!) an RPM.


HTH
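
The point made in the reply above, that a scheduled integrity checker only learns who changed a file if something like auditd recorded the write when it happened, shown as an added example (not part of the thread, and not code from AIDE, Tripwire or Samhain). It joins SYSCALL and PATH audit records by event ID to attribute changes to a login user; the log lines, the rule key `fim-etc` and the function name `who_modified` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/audit/audit.log (not from the thread). Assumes a
# watch rule such as: auditctl -w /etc/ssh/sshd_config -p wa -k fim-etc
SAMPLE_LOG = r'''
type=SYSCALL msg=audit(1527000101.250:811): arch=c000003e syscall=2 success=yes exit=3 items=2 ppid=2101 pid=2144 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=7 comm="vi" exe="/usr/bin/vi" key="fim-etc"
type=CWD msg=audit(1527000101.250:811): cwd="/root"
type=PATH msg=audit(1527000101.250:811): item=0 name="/etc/ssh/" inode=131 nametype=PARENT
type=PATH msg=audit(1527000101.250:811): item=1 name="/etc/ssh/sshd_config" inode=977 nametype=NORMAL
type=SYSCALL msg=audit(1527000300.010:902): arch=c000003e syscall=2 success=yes exit=5 items=1 ppid=1 pid=3020 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 comm="ruby" exe="/usr/bin/ruby" key="fim-etc"
type=PATH msg=audit(1527000300.010:902): item=0 name="/etc/ssh/sshd_config" inode=977 nametype=NORMAL
type=SYSCALL msg=audit(1527000420.700:955): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2500 pid=2511 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts1 ses=9 comm="vi" exe="/usr/bin/vi" key="fim-etc"
type=PATH msg=audit(1527000420.700:955): item=0 name="/etc/ssh/sshd_config" inode=977 nametype=NORMAL
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = "4294967295"  # (uint32)-1: no login session, e.g. a daemon or cron job

def who_modified(log_text, changed_paths):
    """Return (path, time, auid, uid, exe) for each successful audited access to
    a path the integrity checker reported as changed."""
    wanted = set(changed_paths)
    # Records of one event share the same timestamp:serial pair.
    events = defaultdict(lambda: {"syscall": None, "paths": set()})
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[(ts, serial)]
        if rtype == "SYSCALL":
            ev["syscall"] = dict(fields, ts=float(ts))
        elif rtype == "PATH":
            # Limitation: relative or hex-encoded names are not resolved here.
            ev["paths"].add(fields.get("name"))
    hits = []
    for ev in events.values():
        sc = ev["syscall"]
        if not sc or sc.get("success") != "yes":
            continue  # denied attempts did not change the file
        auid = "unset" if sc.get("auid") == UNSET_AUID else sc.get("auid")
        for path in ev["paths"] & wanted:
            hits.append((path, sc["ts"], auid, sc.get("uid"), sc.get("exe")))
    return sorted(hits, key=lambda h: h[1])
```

The `auid` field is the one that answers "which user": it keeps the original login ID even when the write itself ran as `uid=0`.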
 
  

