Re: Tripwire
* N. Raghavendra (raghu@mri.ernet.in) spake thusly:
> Hello debian-user,
>
> I have just installed the tripwire package. Two questions:
>
> 1. The directory /usr/lib/tripwire/databases was empty, so I
> created a database by doing 'tripwire -initialize'. It looks like
> this is a necessary step, because /etc/cron.daily tripwire says
> "do not run if there is no database file". I am puzzled about why
> there was no instruction to do this during the installation or in
> the README.debian file. Was I doing something unnecessary?
>
> 2. The file README.debian says, "Please make sure you make
> /usr/lib/tripwire a read-only mount point." How do I do this? (It
> is not a separate filesystem like /usr or /tmp.)
The idea is to have the database somewhere where Evil Hackers(tm) can't
get to it. How you do it depends on your level of paranoia: from simply
chattr +i /usr/lib/tripwire/databases/tw.db (lax security) to storing
the database on a write-protected floppy, or burning it onto a CDR
(paranoid setup). Presumably README refers to the paranoid option.
Dima
--
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
I'm going to exit now since you don't want me to replace the printcap. If you
change your mind later, run -- magicfilter config script
Reply to:
- References:
- Tripwire
- From: "N. Raghavendra" <raghu@mri.ernet.in>