Re: checking system integrity

To: debian-devel@lists.debian.org
Cc: Debian Development liste <debian-devel@lists.debian.org>
Subject: Re: checking system integrity
From: Andreas Tille <tillea@rki.de>
Date: Fri, 9 Feb 2001 08:10:58 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.21.0102090805130.10038-100000@wr-linux02>
In-reply-to: <[🔎] 84ae7w77jk.fsf@snoopy.apana.org.au>

On 9 Feb 2001, Brian May wrote:

> Then again, looking at tripwire, I can't see what protects the
> tripwire executable from being tampered with either. I don't think it
> is possible unless you can mount it from some media that is guaranteed
> to be read-only (eg write protected floppy disk or read-only exported
> NFS).
I wouldn't trust NFS on a secure system.  I think protected floppy
disk or CD is better.  According to secure tripwire what about starting
tripwire from a script an the write-protected medium which compares
MD5 sum of tripwire first?

To one item of your initial question:  I don't know how tripwire
handles symlinks.  But storing MD5-sum of `readlink <symlink>` should
be sufficient in my opinion.
Anybody could find the time to check how tripwire handles this?

Kind regards

         Andreas.

Reply to:

Follow-Ups:
- Re: checking system integrity
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: checking system integrity
  - From: Brian May <bam@debian.org>

Prev by Date: Re: checking system integrity
Next by Date: Re: ITP: log2mail - sends email if a pattern in a certain logfile is matched.
Previous by thread: Re: checking system integrity
Next by thread: Re: checking system integrity
Index(es):
- Date
- Thread