2

Intrusion detection using something like Tripwire that conducts integrity checks through crypto'ed hash functions of files requires a scan and to hash the file and save this for later comparison. This process takes time, so what files can we expect to be effectively protected from this and what files change too frequently to be safeguarded?

Jesse

1 Answer

1

Typically, default installations of host-based IDS products like Tripwire will come with a database/list of files protected. This will usually focus on things like configuration files and system binaries which change infrequently and not on things like application log files which do change frequently.

If you need precise data for that product I'd recommend looking at the vendor's web site as they'll have more exact data for each OS that they work with.

Rory McCune
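
The split described in the answer above, as an added example that is not part of the original post and is not Tripwire's code: a hash baseline over infrequently changing files, with frequently changing files excluded by pattern. The pattern list, function names and sample tree are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

# Assumed policy (not Tripwire's list): patterns too volatile to hash.
VOLATILE = ("*.log", "*.pid", "*/cache/*")

def is_volatile(rel_path):
    return any(fnmatch.fnmatchcase(rel_path, p) for p in VOLATILE)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):  # stream large files
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> SHA-256 for each non-volatile file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if not os.path.islink(full) and not is_volatile(rel):
                db[rel] = sha256_file(full)
    return db

def compare(baseline, current):
    common = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": sorted(p for p in common if baseline[p] != current[p])}

def demo():
    """Constructed sample tree: baseline it, change it, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        write("etc/sshd_config", b"PermitRootLogin no\n")
        write("var/log/app.log", b"start\n")
        baseline = snapshot(root)
        write("var/log/app.log", b"start\nrequest 1\n")      # churn: ignored
        write("etc/sshd_config", b"PermitRootLogin yes\n")   # flagged
        write("bin/nc", b"constructed new binary")           # flagged
        return baseline, compare(baseline, snapshot(root))
```

Files matched by the exclusion patterns get no content check at all, so the baseline itself needs to be stored where a process on the monitored host cannot rewrite it.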