[Plug-security] Something to look at.

[Gontran]

* Kit Plummer (kitplummer@qwest.net) wrote:
> Cool!  Though, I am not sure I understand why you would need the IS at
> the kernel level.  It seems like it makes more sense at the network
> level as the ISes are typically found vice tripwire.
[ ... ]

When this redhat box I ended up admining was rooted (not my fault, really ;p),
there were all kinds of weird modules loaded into the kernel to do 
funny sh*t that my IDS wouldn't know about, even if I'd had one installed. heh.
Neither would I have known for that matter, they had awful cryptic unreadable 
binary names.

Gontran