FreeVeracity: Network Intrusion Detection
Ross Williams writes: "FreeVeracity is a new free intrusion detection tool for free platforms (GNU/Linux, FreeBSD, NetBSD, OpenBSD, etc.) that uses cryptographic hashes to detect file changes that may indicate a network intrusion. FreeVeracity can be run standalone or in a client/server configuration (on TCP port 1062) that enables you to monitor the integrity of hundreds of computers from a single point. FreeVeracity is also an excellent general-purpose data integrity tool with over ten different applications. FreeVeracity is released by Rocksoft, vendor of the Veracity data integrity tool used to secure the networks of leading global companies in finance, communications, transport, aerospace, power generation and defence. FreeVeracity is released under the Free World Licence which provides all the usual free-software freedoms, but for free platforms only." Looks useful.
Had little johnny been smacked for h4xx0ring some cablemodem users' boxes, he wouldn't have gone on to feel invulnerable enough to take on yahoo.com.
Law enforcement should target the lower levels of crackers rather than to react to panic when the problem crescendos into chaos at the higher levels.
They could've stopped the big cracking before it ever started.
Am I the only one left who wants to keep govt's off the net? I don't see why it's needed. If it can be solved with tech, why let a bunch of people who are 95% clueless get power? Govt's are nice in meatspace, not here.
``But when the 6.02e23rd victim of the LOVEBUG emails them... they just don't care anymore.''
I agree that a common security hole won't cause a huge stir in the security world, however it is important to at least know how your machine was compromised. . . especially if you're not a security expert yourself. While they may not ``care'' per se, someone would be at least kind enough to point you in the right direction in terms of a solution.
Then again, it could be a new exploit that does need attention. You never know until the situation has been assessed by someone who knows what they're looking at.
They provide a way to remotely check the integrity of files. This is something that the latest commercial version of Tripwire does as well. While this is handy when you want to keep your eye on a few dozen or hundred machines it can easily be defeated by an intruder.
Data integrity tools are useless if they are running on a hostile environment. And the second the machine gets broken into that's what it is. The intruder can modify the kernel to return the right file content to the data integrity tool but not to anything else. He can shutdown the tool and replace it with one that reports everything is fine. Etc.
The only time you can know for sure that a data integrity tool is telling you the truth is when you have booted from clean media and are using file hashes that have been stored in read only media and could not have been tampered with.
Maybe every computer needs a secure coprocessor running security software that can act independently from the OS and primary CPU?
Now I know to block out port 1062 on my firewall. I can foresee hackers "monitoring my computer's integrity."
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
No I think he is calling it a Jeep, because people understand Jeep.
For linux get nmap. Then get knmap or nmapfe to provide a gui front end if you like. Nmap is the best *nix port scanner around.
Shameless Plug! If you like trance, tell me what you think!!
qmail is an excellent choice for securely replacing sendmail.
DJBDNS may be of some help.
ipchains is your friend...
The source is available, but it doesn't appear to work with the standard linux toolkit (gcc, make, configure, perl, etc.). It requires something called FunnelWeb (which appears to be some sort of literate programming aid) to build.
Since Funnelweb isn't already installed on my box and I'm too lazy to be bothered with it I guess that I'll miss out on FreeVeracity, at least until someone releases a version in straight C (something that appears to be permissible under the license).
daniel
All I needed to know in life I learned from
I think the reason that it's only 'free on free platforms' is that they still want to sell their commercial version, which is likely the same as the free version, without the 'Free' in the title.
Vintage computer games and RPG books available. Email me if you're interested.
Rocksoft isn't the first commercial software company to release a "free" version of their software. They're not even the first computer security company to do so. They're not even releasing a particularly interesting tool. And, looking at the license, they're not even open-source.
People in the open-source community work hard to bring tools that are more interesting than "Veracity" to market every day. I don't hear about the most recent release of FreeSWAN here, or the latest news on Nessus. I could probably go to Freshmeat and find several tools that do exactly what Veracity claims to do, too.
Of course, even if that Freshmeat fodder was a 0.0.1a-release written in Perl, it'd be more trustworthy to me than "Rocksoft's" proprietary stuff.
And, incidentally, "Veracity" isn't "network intrusion detection", at least not under the common definition. It's file integrity monitoring, and in this case it's distributed. Rocksoft seems enormously impressed by this fact, advertising their newly allocated TCP port number as if it was an endorsement from IANA.
"FreeVeracity", like this Slashdot article, is nothing more than advertising for a (lame) commercial product.
Give the story submitter a break. He's from the company that makes the product, he's probably been brainwashed into it... FreeVeracity this... FreeVeracity that... FreeVeracity and the kitchen sink... Trust me, I've done the same thing.
If you are modding me down because you disagree with me, use the "Flamebait" category, not the "Troll" one.
Fascinating.
The Free World License is hypocrisy itself on paper; a license can't be Open-Source if it's under a discriminatory license.
But this does lead to an interesting point: what if someone were to port this to Darwin? Darwin itself is Open-Source. However, if it runs on Darwin, then it should also run on OSX (the core of which is Darwin). But OSX isn't entirely Open-Source, only the core. However, one could say (and actually argue fairly well) that Darwin is really the operating system, and "OSX" is just Apple's value-added stuff on top of it. So is an OSX port legal or not?
Just something to think about.
----------
Hmmm... Two free pieces of software I can think of off the top of my head are Lynx and vim. Both are quite Mac friendly. But IIRC, both require you to use MPW to compile...
Vi IMproved: http://www.vim.org
Lynx: http://lynx.browser.org
Any other examples?
--Matt
My off-the-wall opinions are just that: mine. (Replace uppercase with correct symbols to get real email addy.)
chattr +i filename
this marks a file 'immutable' so that not even root can modify it. Then as I understand it using secure levels you can make it impossible to -i the file without a (logged) reboot.
This reminds me of a paper I came across yesterday:
"Incremental Hashing With Application to Virus Protection" STOC '95 M. Bellare, O. Goldreich, S. Goldwasser
ftp://theory.lcs.mit.edu/pub/people/oded/bgg-inc2.ps
It describes a signature scheme with an "incremental" or "fast update" property. They claim that this signature scheme is ideal for settings in which there's a very small amount of trusted memory and CPU available to a virus monitoring program.
Tripwire style IDS seems to be extremely similar.
Anyone implemented this sort of thing or know if it's being used in a commercial product?
I have a habit of trying to eliminate pronouns as they tend to lead to ambiguity, but I obviously overdid it in this case!
Hello. Rocksoft does not assert that FreeVeracity is the ONLY network intrusion detection tool that you'll need. You should still deploy all the boundary and packet based tools too. FreeVeracity is only part of the solution, as are most tools. So it's still correct to classify FreeVeracity as an intrusion detection tool.
Is anyone able to explain why one should dump tripwire 1.2 for this product?
If it was said on slashdot, it MUST be true!
But I want... yes... VENGEANCE!!! Not to help make some 3rd party richer as a result of a wanton criminal's successful crime and my anguish at being violated. That's the leech talk of a lawyer... you BLOODSUCKER. You're not helping anyone. You're just sucking us both off.
When someone who logs in from one of 3 places repeatedly over several months suddenly starts showing up in the logs as logging from somewhere new or very far away, then you get suspicious.
what? free software on a mac? this is a first... almost anything useful i can find for macos is usually shareware/crippleware/etc.
in all seriousness, though, macintosh is a consumer based platform. the most likely reason that there is no free software for it is simply the fact that people who use that platform aren't interested in developing free commercial quality utilities in their spare time for fun (which is more of the case on free *nix based platform.) Therefore, it would almost be futile, at least for the time being, to release onto that platform.
Additionally, a fear many companies have with releasing source is that 'why would anybody pay for the product when the source is available'. I know i would most likely have similar worries. This licence gives the developer a chance to both a) release the source to a community which would most likely go though it, find security problems, improve it, etc., and b) test the open source concept with a smaller group, while not 'risking' their main income (being the windows folks). Having a way to cautiously try open source before releasing everything open, as to assure themselves that it is a Good Thing, may be the key thing many companies need to disclose their code, which really helps us all. This is why i see this licence as a potentially good thing.
-legolas
(ps RMS ate my balls... i love GNU software, and i'm a fan of the GNU licence, which is what i release anything i make under it. And which is one of the reasons I run Linux instead of Windows. However, not everybody in the world is so 'enlightened' ;^)
i've looked at love from both sides now. from win and lose, and still somehow...
That's the leech talk of a lawyer...
How so? If my machine was compromised and I didn't understand how it was exploited, I would want to find out how it was done so I could patch the hole ASAP. If everyone else learns from it as well then all the more power to them. Security cannot be effectively developed by obscuring knowledge. And no, IANAL.
So, you get root on a computer running free veracity. You tell it to update the hash table and the admin is none the wiser. We prefer to call it deleting the log file.
They could have rootkit'd your box already, checking the integrity of files now is too late. My box was hacked within the first week of installing Linux (that was fun...). I just formatted and reinstalled the whole mess and this time turned off most all of the services, since I had no idea what the weak link was and what the hell they had done to it in the mean time.
Actually, it's not unlike some of the licenses that Microsoft provides with some of their beer-free add-ons. You're free to use the software, but only under Windows.
I can see why ESR and RMS don't like it.
A friend of mine uses the Windows programs Blackice and ZoneAlarm but I'm curious as to what (preferably free) programs one can use to detect port scans and intruders under Linux and BSD?
I have heard of Tripwire. Does any one have any experience running that one?
Bruce
Bruce Perens.
Didn't know about aide, so I checked.
From a very fast scan, looks to me that aide lacks the 'networking' feature, which I think is basic in a product of this kind (even if the authors plan on adding it). Couldn't an attacker just rebuild the database after mangling your system files? How are you supposed to protect the hash database if not storing it elsewhere?
In this sense, this stuff seems better than aide. I don't think that using a custom port/protocol was the right choice anyway. I'd better stick with ssh/scp for obvious reasons.
Let alone the licensing...
13-4=54/6
I don't call my car a Chrysler/Toyota/American Motors Jeep*.
* - I believe that Jeep used Toyota transfer cases in their 90's model Cherokees and Grand Cherokees. That's a pretty important part of a 4WD vehicle, dontchathink
so, you are calling your car a Toyota, right?
after all you are naming your OS after only one important part.
Bruce Perens brought up the same issue, with regards to Gauntlet, in a rebuttal to Elias Levy @ SecurityFocus's article questioning the value of Open Source to security. Perens' point applies just as much to NFR as to Gauntlet: what incentive does the community have to do QA on Marcus Ranum's commercial software?
I realize this is a tangent, but many people have this misconception about NFR.
--
As a Mac and Linux user, I've thought a bit about the reasons for the lack of much free/open source software on the Mac.
Certainly, a major impediment is the fact that most Mac users aren't hackers but consumers who don't have much interest or ability in improving their software. I'm not sure what, if anything, can be done about this. I suppose another factor is that most development on the Mac is done using CodeWarrior or another commercial IDE, which further restricts the people who can do anything meaningful with the source to an application; I admit to not being the most knowledgeable person in the field of Mac development, but I don't know of any open source/free (speech) compilers on the Mac.
But I suspect that another main reason little free software is developed on the Mac is that people are unaware of it. I had been a Mac user for many years before I had even heard of 'free software' or 'open source', let alone understood why it was a good thing. It wasn't until I started using Linux that I became aware of such things; perhaps with the attention that Linux is receiving in the media, more people may be somewhat more aware of the free software movement, but most probably don't understand it more than superficially.
This is one reason I'm opposed to the Free World license. If we want to make more free software available, restricting it so that it can't be used by users of a non-free operating system won't help. By allowing everyone to use it, more people will be exposed to free software. They may only use it like any other program, which is necessarily a bad thing, but they might well learn more about free software and perhaps be influenced to write free software of their own or switch to a free operating system.
On an unrelated note, I also find it a bit troubling that the Free World license pages tout the fact that they were 'Denounced by Richard Stallman' and 'Rejected by Eric Raymond' as though those were things to be proud of...
Life is far too important to be taken seriously.
Ok, this looks like something worthwhile to try. Though I have a few questions. First, does anything it uses run as root? It opens TCP port 1062 (accessible by normal users), but perhaps it needs root access to some other root-only system files (this would be my guess).
Also, does this sort of program work well with Portsentry? Also, it'd be nice if this FreeVeracity client program acted in a similar fashion to LogCheck by checking the syslog-generated files. Then you could use one program to monitor critical file changes, illegal port scans, attempted hack-ins, everything in one bag. Perhaps FreeVeracity provides more functionality than I'm assuming though. I'd like to hear what anyone has to say.
"The universe seems neither benign nor hostile, merely indifferent." --Carl Sagan
Well, from my point of view, having closed source software listening on an open port is unacceptable.
Protecting the database is clearly the cornerstone of any software of this type working. The way I do it is I keep the database on a (physically) write protected floppy. I have a cron job that runs the binary from this same floppy and emails the results to root. (I have even considered putting a second fdd in the system and physically cutting the WE line on the ribbon cable.)
Another alternative would be to burn the db out and then put it in a CD-ROM (note the "RO" in ROM.)
Or you could keep it on a floppy and check it by hand.
-Peter
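An added example, not part of the comment above and not code from FreeVeracity, aide or Tripwire: one way to handle the concern raised in this thread that an intruder with root can simply rebuild the hash database. The baseline is sealed with an HMAC whose key is assumed to live only off the monitored host (a monitoring server or read-only media); the key, file names and function names here are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests


def seal(digests, key):
    """Serialise the baseline and attach an HMAC-SHA256 tag computed over it."""
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def open_sealed(sealed, key):
    """Return the baseline dict; raise ValueError if the tag does not verify."""
    doc = json.loads(sealed)
    expected = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["tag"]):
        raise ValueError("baseline database failed authentication")
    return json.loads(doc["body"])


def compare(baseline, current):
    """Classify differences between the trusted baseline and the current state."""
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: baseline, tampering, then a rebuilt database."""
    key = b"constructed-demo-key-kept-off-host"  # assumption: never stored on the host
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/login", b"original login\n")
        _write(root, "bin/ls", b"original ls\n")
        _write(root, "motd", b"welcome\n")
        sealed = seal(hash_tree(root), key)

        # Simulated tampering after the baseline was taken.
        _write(root, "bin/login", b"trojaned login\n")
        _write(root, "bin/.hidden", b"dropped file\n")
        os.remove(os.path.join(root, "motd"))
        current = hash_tree(root)
        report = compare(open_sealed(sealed, key), current)

        # Database rebuilt on the host by someone who lacks the key:
        # the hashes now match the tampered files, but the tag cannot.
        rebuilt = seal(current, b"key-the-intruder-does-not-have")
        try:
            open_sealed(rebuilt, key)
            rebuilt_rejected = False
        except ValueError:
            rebuilt_rejected = True
    return report, rebuilt_rejected


if __name__ == "__main__":
    print(demo())
```

This only authenticates the database; as other comments in the thread point out, hashes computed on a compromised kernel can still be falsified, so the scan itself is most trustworthy when run from clean boot media.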
The reason why it's V3.0 is because this first-ever release of FreeVeracity is directly derived from Veracity V3.0. Veracity is a commercial data integrity tool that has been on the market since 1994. I agree that FreeVeracity is only one part of the security solution. I believe that it is a very important part though because it's the part that will save you if all the other parts fail.
Explain the logical differences between your attitude towards this and -for example- someone breaking into your home and stealing stuff from you.
By your line of reasoning, the police really shouldn't be involved in any sort of break and enter or property crime. If you can't secure your residence, TS for you.
If the above is what you're implying (which I assume it's not, since you seem to think authorities should involve themselves with a certain size of entity (what's the cut-off by the way, 100k+ revenue per year? less/more?)) I certainly hope you're never in a position of power in any government.
Hello. I just want to say that the only reason I mentioned Veracity in my announcement was to make it clear that FreeVeracity was a derivation of an existing tested commercial product rather than being brand-new code that everyone was likely to spend the next few months debugging! I wasn't trying to sneak through an advertisement, but I'm not sad if it's ended up as one!
But shouldn't intrusion detection be at the point of entry? Open ports, terminals, etc.? It seems to me that if you have these areas locked down, this may be overkill. Or am I missing the point?
The Free World Licence allows distributors to charge a copying fee just like the GPL. So this is a non-issue.
How does this program tell the difference between an intruder modifying files using a real/spoofed login and a normal user modifying his own files that he should be modifying? Or is this program not designed to catch that?
---------------
Yes! That guy!
The significant new thing is that FreeVeracity implements a new network service called an integrity server. This is a service just like FTP or HTTP or News or Email except that it serves integrity information in a standard form. There are very many ways of using an integrity server, just as there are many uses for FTP and mail. Security is just one application. An example of another application is the comparison of online and offline copies of a web. FreeVeracity defines a new multipurpose network service and provides a production-quality implementation for free platforms. As far as I know, no other software has taken this flexible well-defined new-network-service approach.
FreeVeracity sounds cool. FreeVeracity should be put on all my linux boxes. FreeVeracity might someday rival TripWire. FreeVeracity story submitters should learn to use pronouns. ;-)
It still makes sense to be a little paranoid. Securing a system from the beginning [i.e. open ports] is of course a good idea, but it is also a very good idea to catch any alterations after the fact.
...which uses a MD5 hash to check for alterations in files, for those of you who always wondered why /var/lib/rpm took up so much space
Still, there is always
rpm --verify -a
But, of course, rpm could be among the compromised files, if someone has hacked root on your system. But, of course, so could 'veracity', I imagine, although perhaps having it run remotely on a network could make things harder for an intruder.
--
man sig
---
the pen is mightier then the sword. the sword is mightier then the court. the court is mightier then the pen.
Thank you. This is my position too. I'm not advocating the Free World Licence as the best licence. It's just another licence, but it's one that (I believe) is usefully different from existing mainstream free software licences and which provides another option for those thinking of releasing software under a free licence.
Yet when my box is cracked and my credit card numbers stolen, etc., calling anyone (police, FBI, etc.) gets a "why are you bothering us? You're lucky we don't prosecute *you* for wasting our time with such trivialities." attitude?
Is cracking illegal or isn't it? Who do I report it to when I'm hit? What gov't/state/municipal entity defends me as defends amazon or CNN?
If you can form a concrete proposal for how the licence might be modified, I'll look at it.
Reminds me of Network Flight Recorder which used to be open source minus the signature files contributed by l0pht which were under copyright. I believe NetworkComputing magazine did a test on IDS systems a while back and found that many were not mature enough to depend on for security. Though allowing people to help with the project will go a long way in keeping it up to date.
Shine on, you crazy diamond.
How do they intend on enforcing this "Free World" license? If you've got source, you can port. If it's really free software, how can they stop you from distributing that port? "Oh, these windows ifdefs? Those are for running it under WINE, a bona-fide certified justified free software application that runs under free operating systems."
Doesn't this just become another shrink-wrap license? I think most of us are not ideologically opposed to copyright per se, but are opposed to selling things with strings attached, aka "licensed", because of the obnoxious power it gives vendors over how we use the things we buy. Even the GPL doesn't tell you how you must use a program, it simply says "give back what we hath given you".
This license is foul, for that reason, and because it almost seems to willingly encourage relegating free operating systems to the hobbyist niche. It basically says you can make a profit on your work through traditional licensing fees, and toss a bone to free software enthusiasts at the same time. But what happens to your profit when free operating systems become the norm? If your revenue model is dependent on selling to proprietary platforms, you've screwed yourself by promoting free platforms. So you won't promote those platforms. In fact, why even release a free version at all?
Founder's Camp
News for non-Nerds. Stuff that matters.
What's going on?
this approach has an interesting motivation - this way, they can experiment with open source on the more 'hackerish' OSs, while still maintaining their commercial customer base on the commercial systems.
This licence seems to be borrowing various parts from the GNU licence and the FSF licence. I think this is somewhat a good thing, because it gives us who like to tinker with the code a chance to get at it (and for free!) while not risking the majority of their income (from serious commercial vendors). Perhaps we may see this approach to opensource used more in the near future. and it may encourage more and more companies to release their source, which is kinda cool, i think. also, it could be a starting step for companies to start releasing source, between not-at-all and full-disclosure.
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
How is this single product announcement newsworthy? It's not even a marginally new category of product. So hard up for material that Slashdot posts random product launch press releases now?
I've finally had it: until slashdot gets article moderation, I am not coming back.
Without GNU, Linux would be a hacked clone of Minix. With GNU, it's a genuine alternative to other commercial/free Unix systems.
Give credit where credit is due, dumbass.
I'm sick and tired of this argument. I don't call my car a Chrysler/Toyota/American Motors Jeep*. I don't call my computer an Intel/Asus/WD/Esoniq/Advanced Gravis 466. I don't call my daughter Andrew/Vanessa Katie.
Yes GNU is a big part of Linux. You don't pollute the name of a product after the fact just because it was possible through a third (or fourth or fifth...) party.
If Linus called it GNU/Linux I may think otherwise. However he didn't, and I don't stroke other people's egos just because they feel that now that what they helped with is popular they should get some face time.
* - I believe that Jeep used Toyota transfer cases in their 90's model Cherokees and Grand Cherokees. That's a pretty important part of a 4WD vehicle, dontchathink?
without C, most GNU tools would not exist: do you call them C/GNU?
I could go on, but you get the message. You should take a course in linguistics and you'd realize that the morpheme "linux" has all of the meaning you prefer associated with it already. The morpheme pair "GNU/Linux", BTW, does contain an extra semantic bit in that it classifies the user as coming from a particular side of this debate. Therefore, it would actually be an error for that AC to use it if that is not her belief.
Before I start this, I should just state for the record that I am a very enthusiastic Debian user, and a wholehearted DFSG & FSF supporter.
I thought for a long time about writing a Free World style license, simply because I resented the fact that Windows users could take almost any Free code I wrote and use it, while I couldn't use closed source Windows programs with anything like the same degree of ease.
Ross Williams (author of the Free World license) states on his Free World pages that he sees the only difference between his approach to licensing and that of the GPL as "strategic". One approach to freeing the world's software is to exclude non-free platforms from using the free code base that we have created; the other is to entice users away from the proprietary software by showing them what wonderful free programs were available.
Eventually, I came round to agreeing with RMS on this. I guess the key points that convinced me were:
- You are restricting trapped users of non-free platforms in rather unpleasant ways
- More importantly, you are encouraging an incompatible world. This is not only an unpleasant situation, but it may be strategically very unwise for the free software movement...
I guess that having said those things, there could be some arguments for using this sort of license for "convenience" code, rather than "essential" code. If your application has no potential to be a source of incompatibility, then it could be acceptable to make it only available to users of Free platforms.
Fixing copyright
I'm curious.. I have simple scripts that, in conjunction with md5sum, do what these do.
Summaries are generated using shell scripts, the results collected from all over the network and stored on a secure machine for later testing.
How is this even a 'product'?
FWL makes no sense. People charge for CD's. Therefore it can't be free can it? Some distribution methods are free? Others are not? Apple's Darwin is free. RedHat sells distributions of Linux with add ons that you cannot download. You have to purchase that distribution. So does it not qualify?
Cheers,
WFE
===========
However, I think the tripwire of the future will be a better service overall, simply because it will be under GPL (to my knowledge). This new FreeVeracity licence, plain stinks. If I'm a lowly University stuck with Irix, I really don't want to spend tons of money to get x86 boxes or buy this product. Free software should be free software, no matter what platform you're running on. And this sort of license really doesn't consider binary emulation either...
Also my other beef is with this Network Intrusion Detection (IDS) brand that they are putting on it. To me it sounds like a bunch of hype. Sure it's a network service and it can talk to a central machine but that's a far cry from the standard IDS methods I know of. When I think of IDS, I think of known attacks that firewalls recognize or specific IDS machines in promiscuous mode sniffing out the network. Sure it does help you quickly find out (like a standard IDS) whether you've been hacked or not, but it is a far cry from a standard IDS system.
I'd also be wary of installing this software and running it right away right now, especially for those who are concerned about security. This product hasn't been reviewed by the general public, the source code hasn't been fully audited. No one (except the company itself) has praised this product. I'd be really wary.
Oh yeah, it's GPL'd too.
FreeVeracity looks to be nothing more than a Tripwire clone that detects file changes on systems it's installed on. To use an analogy, it doesn't detect when your car has been stolen, but it goes off when the thieves try to repaint it.
If you're interested in checking out Snort, head over to www.snort.org and have a look around.
So now, with this program, i can log onto port 1062 and see what's been changed... hmm... writing a program to listen to port 1062 and say everything's a-ok... not too hard, i guess that'll be the next thing to add to rootkits...
---
I'm not ashamed. It's the computer age, nerds are in.
They're still in, aren't they?
I remember Mr. Taco mentioning on Slashdot Radio how he frequently receives "submissions" that are basically advertisements trying to get through as stories. I guess it was only a matter of time until someone fell for it.
Breakins to big-name sites make news. FBI catching perpetrators of those breakins makes news. Congress notices the news. Congress increases FBI budget for chasing computer-crime perps. Hence, it's about money.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Although a lot of people, including RMS and ESR, apparently are opposed to the Free World Licence, it has its place among the "free" licences:
There's the "free without restrictions" type of licences, e.g. the BSD licence, which basically let you do what you want with the software, including distribution of binaries without providing source. You can integrate it into proprietary projects without opening up your changes. It's for idealists who want to give away their code without asking for others to contribute back their improvements.
Then there's the "free with restrictions" kind of licences, e.g. the GNU GPL, which also let you do what you want with the software, but forbids distribution of binaries without source. You can't take it without giving back your changes. It's for pragmatists who want to give away their code while making sure it will remain free for all.
And now there's the "free only on free systems" licence, the Free World Licence, which is only free in the free parts of the software world. It's not Open Source because it's discrimination against non-free platforms which violates the Open Source Guidelines. However, it's useful for those who want to provide free software for users of free operating systems, but not to proprietary systems.
All three try to support Free Software in their own way. So which one is best? That's up to you, the creator of the software will choose whichever licence fits to their ideology best, and all are good at what they want to do! And in the Free Software World, there are more ways than one, as we all know...
(Or at least should know - never mind the flamewars, they are just a little drawback, the bright side is Freedom of Choice.)
-- Eavy (: Linux Is Not UniX
what's the point in a post-ownage detection system? once the cracker is in your box, your intrusion detection system is also sitting there waiting to be modified.
against good crackers, this system is worse than nothing as it will only give the admin a false sense of security. As far as I can tell, this would only be useful against the script kiddies and/or incomplete/interrupted jobs..
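One common mitigation for the concern raised above (a checker living on the compromised box can itself be altered) is to authenticate the hash baseline with a key held off the monitored host. The sketch below is an added example, not FreeVeracity's code or any commenter's; the key, file names and file contents are constructed for the demonstration.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root, key):
    """Hash every file under root and seal the listing with an HMAC tag."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = file_digest(full)
    body = json.dumps(entries, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(root, baseline, key):
    """Return (baseline_authentic, changed, added, removed)."""
    expected = hmac.new(key, baseline["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["tag"]):
        return (False, [], [], [])  # baseline was altered: trust nothing in it
    old = json.loads(baseline["body"])
    new = json.loads(build_baseline(root, key)["body"])
    changed = sorted(p for p in old if p in new and old[p] != new[p])
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    return (True, changed, added, removed)

def demo():
    key = b"constructed-demo-key-kept-off-host"  # assumption: never stored on the host
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("login", b"v1"), ("sshd_config", b"PermitRootLogin no\n")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = build_baseline(root, key)
        with open(os.path.join(root, "login"), "wb") as f:
            f.write(b"modified")  # a monitored file changes after the baseline
        honest = verify(root, baseline, key)
        # Baseline re-generated on the host without the real key, old tag reused.
        forged = {"body": build_baseline(root, b"wrong-key")["body"], "tag": baseline["tag"]}
        tampered = verify(root, forged, key)
    return honest, tampered

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the environment it runs in: verification should be run from a known-good system or boot medium, since a kernel-level rootkit can return the original file contents to a checker running on the compromised host.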
> The Open Group tried to do this with Motif. RMS hated it. Read the linked-to /. stories for more info.
Who cares what RMS likes or dislikes?
Mojo
But saying "If Linus called it GNU/Linux I might think otherwise" makes it sound as though you think it's the naming of the kernel (Linux) that's under discussion, which it isn't, or that Linus is responsible for the whole operating system, which he isn't. It gives the impression that you have no clue as to what is being discussed.
Linus created the kernel, this is true. I refer to Linux as the collective kernel and the distribution it's in.
If you want to badger the GNU organization about releasing GNU/Linux, that wouldn't bother me a bit and you'd have a valid point for calling it GNU/Linux. To date, however, GNU has not done this. Slackware has, Redhat has, Debian has, Suse has... you get the point. If I were to wrap the kernel around the Borland compiler and MKS utilities, what would you call it?
This whole GNU/Linux thing makes (oh balls, who is it? RMS? ESR? I can never remember) look like they're trying to grab hold to the fame of Linux after it got popular by tacking on the GNU and acting like a slobbering idiot every time someone "forgets" to say GNU/Linux. My memory's not perfect, but I don't seem to recall what's-his-nuts emphatically defending the GNU/ in GNU/Linux until a few years ago, and that's what ticks me off. They were helping Linus out way before that.
Hopefully this is making some sense, I'm trying to type and watch my daughter at the same time, and not doing a very good job of either this early in the morning. :-)
Why is it that whenever [big internet site] is cracked, many 3 letter agencies "go after" the crackers with a great zeal and spend millions to try them, and seize their hardware, and bar them forever from a career in computers....
Because they employ lots of people, have millions of credit card numbers, and take in more money in a day than you will in a year?
Yet when my box is cracked and my credit card numbers stolen, etc., calling anyone (police, FBI, etc.) gets a "why are you bothering us? You're lucky we don't prosecute *you* for wasting our time with such trivialities." attitude?
Because you are not wealthy, a big name, or important?
Is cracking illegal or isn't it?
Yes. And the great thing is that constitutional laws don't apply to cracking cases! Just ask Kevin Mitnick.
Who do I report it to when I'm hit?
A trained consultant, perhaps?
What gov't/state/municipal entity defends me as defends amazon or CNN?
None of them. That's where the private sector comes in. If you can't secure your Corel Linux box, it's not really the government's problem, now is it?
-- Floyd
Freeveracity does not appear to be Open Source. I'm not sure I would be completely happy with loading onto my machines an application that I can't see the workings of, that opens yet another port for communication purposes. Even if it is an unprivileged port. I can just see this being a nice target for crackers....
If it's new, how come the version number is 3.0? Anyway, remember that security works best in layers: use TCP wrappers, a good firewall and possibly even a Tripwire/Veracity-like intrusion detection tool and you're relatively safe (and remember to keep up with your distribution's errata!).
If it's free only for free OS's, then it's non-free if you go by the Debian Free Software Guidelines (as I do).
I use Aide (http://www.cs.tut.fi/~rammer/aide.html), and it does the trick. It isn't all "gee whiz" but it is VERY configurable (for instance, use any or all of about a half a dozen checksums).
;-)
It is GPL, so you can run it on commercial boxes for free, too.
So if you want your security policy to include "it should be an interesting [licensing] experiment", use this thing.
I'll stick to Aide, thanks.
-Peter
GNU/BSD/X11/MPL/Artistic/Linux? BIND, Apache, Sendmail .... are all, I believe BSD'd. These are some of the top reasons people actually use Linux...err, sorry. GNU/BSD/X11/MPL/Artistic/Linux. I'm not denying the contribution of the GNU utilities/FSF to Linux at all. And I'm not even saying that you should call it "Linux". But neither should it be referred to as "GNU" or "GNU/Linux". In fact, you might as well call the distribution of Linux, the entire OS, by the name which the distribution was created. Ie, you could call Mandrake 7.1....Mandrake 7.1 and Debian 2.2, Debian 2.2...and....Slackware 7...Slackware 7. No need to mention "Linux kernel" or "GNU utilities" or "BSD-licensed servers" or "MPL programs" or "Artistic programs".
No need.
"A few atoms won't even light a match" - Dr Jones, 1933
Ouch. That sucks. Well, now that an intruder has gotten root on your system, he may have installed all sorts of other backdoors, so you should wipe and reinstall. Otherwise he could come back, steal and trash your data, or worse, use your box as a proxy for cracking other systems.
The Open Group tried to do this with Motif. RMS hated it. Read the linked-to /. stories for more info.
GNOME vs. KDE: the game!
Will I retire or break 10K?
Hmm,
;)
Why is this message moderated down? Isn't GreenPickles' criticism valid? (I'm not a native English speaker
Sendy, pfoo...
GNU guru and mainframe hacker
Wow!
GNU guru and mainframe hacker
Oh, sneaky bastard. LOL
GNU guru and mainframe hacker
Bruce
Bruce Perens.
Just because I don't have .au on the end of my domains doesn't mean that I'm pretending to be American! .com and .org domains are "international" and I want to build an international company, not a South Australian one. News Corporation is a South Australian company, but we don't think of it that way anymore. :-)
I don't wear Australian Colours, because I see Australia as irrelevant to what I am setting out to do. It is not a salient component of the marketing mix. Neither will I hide Australian origins.
I don't feel the need to leave Australia to make any kind of statement because I don't feel the need to make a statement. I'd rather make a company. I plan to live in Australia personally, but ignore it professionally. :-) I'm very proud to live in a democratic country that can be so easily ignored!
I agree with many of the above posts, i.e.
- the whole story is blatant advertising
- their license is utter brain-space pollution
- this product is nothing even remotely new
- and untested, immature, opens a port (hole?), etc
But I do have to say: damn that's a NICE looking webpage! Kudos to your webmaster, Ross.
Shame on me for not running 'rhup' the moment I installed the machine.
sorry... that's the first thing that came into my mind with the subject of your post. =^)
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
That's not intrusion detection.
It's change detection, yes. System integrity, yes... but not an IDS.
Just like that rather neat linux kernel patch that locks off files and doesn't allow them to be changed isn't an intrusion detection system.. it's a change prevention system.
"This looks a whole heck of a lot like an Ad from Veracity, but the product still looks like it might be worthwhile to check out. Sorry for the blatant advertising in what's ostensibly an interesting technical story."
-=-=-=-=-
My mom's going to kick you in the face!