Berkeley CSUA MOTD:Entry 38872

2005/7/29-31 [Computer/SW/Unix, Computer/SW] UID:38872 Activity:kinda low
7/29    Has anybody deployed a "checksumming/file integrity infrastructure"
        across say ~100 *nix machines? Any recommendations for particular
        tools? Tripwire is garbage, and for various reasons I am thinking
        about moving away from veracity, which I have been using for a while.
        Considering looking at osiris and samhain. Would prefer something
        lean and old-school unixish (like one binary and one config file)
        rather than one of these "enterprise software system" type things
        with a large footprint and a lot of chrome. Tnx.
        \_ Not on 100 machines, but we ran fcheck for a while.  It was really
           resource intensive.  I moved to some one-or-two binaries C one
           ..i think the name started w/ an "a"  It worked pretty well.
           \- re: resource intensiveness ... if the resources are 1. human time
              2. cpu 3. disk io, i think you can decrease #2 by using fletcher
              checksum instead of an expensive one like md5. not much you can
              do about disk io ... so a lot of it comes down to #1 ... it's
              key to have a config system flexible enough to not go crazy if
              somebody say nfs mounts a 300gig partition without factoring
              that into the configuration. as with intrusion detection
              systems in general, resource and ability to minimize false
              alarms is what dictates success or failure in a practical
              sense. for me, checking the OS on a sun takes about 6-10 min.
              \_ The a____ program I switched to used less compute resources
                 because it:
                 a) used a weaker checksum
                 b) had internal optimized checksumming code (rather than
                    forking "md5sum" each time)
                 Both fcheck and it specified certain directories to scan and
                 didn't traverse mount points.
        \_ There was a discussion of this on one of my security lists a
           while ago--I have forwarded your question, and will forward
           what comes up if you tell me who you are.  So far someone has
           suggested  -John
           \_ That was the one.  --dbushong
              \_ How do you mean?  Does it work for you?  I'd be interested
                 in your experience with it as I've had clients with just this
                 kind of requirement.  -John
Cache (1100 bytes) ->
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire. It creates a database from the regular expression rules that it finds from the config file. Once this database is initialized it can be used to verify the integrity of the files. All of the usual file attributes can also be checked for inconsistencies. See the manual pages within the distribution for further info. Below is a list of platforms people are actually running AIDE on (That I know of). Please let me know if you are running aide on something else. First, make sure the bug still exists in the current version from CVS (see below). org Disclaimer All trademarks are the property of their respective owners. No animals were harmed while making this webpage or this piece of software Although some pizza delivery guy's feelings were hurt.
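
The points raised in the thread (hash inside the process instead of forking md5sum per file, offer a cheaper checksum, never traverse mount points) combined with the database-then-verify model in the AIDE description, as an added example that is not code from AIDE or any tool named on this page. Adler-32 from zlib stands in for the Fletcher checksum mentioned in the thread; the function names and the tuple layout are assumptions of this example.

```python
import hashlib, os, re, stat, zlib

def digest(path, algo="sha256", bufsize=1 << 16):
    """Hash a file in-process, streaming it in chunks (no md5sum fork per file)."""
    with open(path, "rb") as fh:
        chunks = iter(lambda: fh.read(bufsize), b"")
        if algo == "adler32":          # cheap Fletcher-style checksum: catches
            value = 1                  # accidental change, trivially forgeable
            for chunk in chunks:
                value = zlib.adler32(chunk, value)
            return f"{value:08x}"
        h = hashlib.new(algo)
        for chunk in chunks:
            h.update(chunk)
        return h.hexdigest()

def scan(root, rules, algo="sha256"):
    """Return {path: (mode, uid, gid, size, digest)} for regular files under
    root whose root-relative path matches a rule, without leaving root's device."""
    root = os.path.abspath(root)
    root_dev = os.lstat(root).st_dev
    patterns = [re.compile(r) for r in rules]
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune subdirectories on another device so NFS or other mounts are skipped.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = "/" + os.path.relpath(path, root).replace(os.sep, "/")
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and any(p.search(rel) for p in patterns):
                db[rel] = (st.st_mode, st.st_uid, st.st_gid, st.st_size,
                           digest(path, algo))
    return db

def compare(baseline, current):
    """Report paths added, removed, or changed in any recorded attribute or digest."""
    both = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": sorted(p for p in both if baseline[p] != current[p])}

if __name__ == "__main__":
    import json, sys
    # Usage: script.py ROOT REGEX...   (prints the database as JSON)
    print(json.dumps(scan(sys.argv[1], sys.argv[2:] or ["."]), indent=1))
```

The baseline is only as trustworthy as where it is stored: keep it off the monitored host or on read-only media, and use the weak checksum only where accidental change, not tampering, is the concern.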