Hi James,

it depends totally on your OS and the applications running. E.g. for Solaris you might want to check files as who, last and other which hackers like to modify using file and md5 to detect any changes. If an apache is running you might like to see at least x httpd with procs ... And so on.

greetings rolf

Hello All,

I’ve just moved over my Big Brother monitoring to Hobbit

and I’m looking for suggestions for the files, ports, and

procs category. Are there any default recommendations?

Thanks….James

-- Mit freundlichen Gruessen Rolf Schrittenlocher

HRZ/BDV, Senckenberganlage 31, 60054 Frankfurt Tel: (49) 69 - 798 28908 Fax: (49) 69 - 798 28817 LBS: lbs-f at mlist.uni-frankfurt.de Persoenlich: schritte at rz.uni-frankfurt.de