Detecting Attacks in Progress: Intrusion Detection

Not only are there tools for limiting network access, but there are also tools for detecting an attack in progress. These tools are known as intrusion detection tools. We will look at Tripwire, PortSentry, and Snort.


Tripwire is a utility that monitors the integrity of important files or directories. It stores information in a database about files and directories that you've specified. You can then use Tripwire to check whether there have been any changes to your files. It checks the current state of the files against the information in its database.

There is an open source version of Tripwire available at A patched version that runs on Mac ...
