To
run a program such as Tripwire once at system build to get a file-integrity
baseline is cheap, easy, and smart. To run Tripwire every day is
costly because someone has to examine the results of the scan.
Stephen Northcutt,
Network Intrusion Detection: An Analyst's Handbook
|