Jim Popovitch wrote:
OK, this would work. The problem for me is that it would involve turning the media r/w and updating the database every time I run apt-get to install security updates, which I do once a week. If I was running a large server farm and I was looking after it full time, this would be OK, but my situation is that I have two machines, both for personal use, and I don't want to have to devote my entire life to looking after the security on them. The machines are a laptop for general use, and a server which I use for testing and demonstrating small web-based projects I do for people on a voluntary basis. They are connected to the internet by ADSL, with only the server set to accept incoming connections.On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote:The difference is that:a) These all run on the live system they are trying to protect,Unless you configure them to only write to an offline mount point that is normally ro and only rw through external effort.... which is in Tripwire's best practices. -Jim P.
The other night, I had my laptop switched on and a sound file I had never heard before played through the speaker (it said 'hello' in someone else's voice). I'm assuming I've been cracked and it was someone's idea of a joke. I've halted the server in case that was their way in, and I'm planning to reinstall both my machines this week, but also looking for a more long term solution which I could put some time into now and save myself and anyone else who wants to use it a lot of trouble in the future.
What I'm looking for is a solution where I can do security updates every week, as my first line of defence, but then have a fallback way of detecting intrusions which I could run maybe every month, which doesn't need too much work to keep on top of it once it's been set up. I can probably find ways of improving my security using existing tools, but it occurred to me that the system I described would be a pretty watertight check on whether a system has been cracked, which is what I'm looking for.
andy baxter.