Of course you would say there are firewall logs and the various system logs that you have meticulously configured through /etc/syslog.conf. Yes, these logs are keeping a tab and recording unwanted login attempts and File accesses. Nevertheless, what if your cracker managed to get around your file permissions that you erroneously set on the logs and edited the logs leaving no trace of the security breach. In such a situation, the only clue to the security breach would be the probable loss of data or failure of the running services, which had been the main aim of the cracker. Here is where your existing Security measures take a back seat and Intrusion Detection Systems take front stage.

We are not saying that your existing security systems are flawed or such. However, each Security system has been put in place with a different priority for its implementation and thus as a good security architect you would mix and match the best of both worlds, i.e. A good Firewall and a IDS system to take care of the baddies. There are various Intrusion Detection Systems available out there, to name a few good ones, Tripwire and Snort.

The UNIX security software product Tripwire is an effective tool for monitoring various file-system changes. Tripwire, as a security product is very portable, very useful and free. The use of an IDS along with a Firewall provides an effective baseline level of security. We not suggesting that these products alone will keep out any intruder, but they will keep out novices and provide important proof that a system has been hacked, if even by an expert.

What is Tripwire?

Tripwire gives you the ability to confidently determine system integrity. When initialized, Tripwire creates a file signature database, which it will compare to subsequently generated Tripwire databases producing a file-system modification report every time you run it to determine whether your System Security has been compromised.