AIDE Agony
When it comes to host-based intrusion detection I’m most familiar with the Tripwire OpenSource Edition, while shopping around for a HIDS to deploy on a play box I decided to try AIDE. And got stopped at one of the first hurdles.
Tripwire has an interactive update mechanism, it runs a scan (based on your config file) and then prompts you to except, reject or mark changes as pending - within one operation.
Read on →