The Toby intrusion detection system is a fairly complete reimplementation of tripwire-1.3 (ASR) into Perl. It mainains a database of file properties to detect alterations to those properties. It supports MD5 and SHA-1 checksums of the file contents. It features a configuration file which is actually a Perl script, with the attendant power, flexibility, and difficulty.
|Tags||Security Monitoring Systems Administration|
Release Notes: A few small bugfixes, and a new "--chroot" option which can be used during postmortem analysis of a compromised system.
Release Notes: Handling the updated URI::Escape module, and patching a few bugs relating to the escaping of special characters.