Contrasting BSIGN and TRIPWIRE

To: Debian-Devel <debian-devel@lists.debian.org>
Subject: Contrasting BSIGN and TRIPWIRE
From: Oscar Levi <elf@buici.com>
Date: Sun, 13 Dec 1998 21:16:56 -0800
Message-id: <[🔎] 19981213211656.A15537@hazel.buici.com>

I found tripwire...already in Debian %^).  You gotta love Debian.

Their stated goals intersect with bsign.  AFAICT, bsign is infinitely
simpler.  The signatures are stored in each file.  The scan for file
changes can be done with a simple script--I'll be writing a version of
one for the package.  Tripwire supports any file type.  Bsign will
support elf and any text file that has a comment prefix which should
suffice.  Tripwire has a license that prevents it from being free.
Bsign is GPL.

If there is support among Debian developers, I think we could use this
to sign all of our executables, libraries, and kernel modules.  

My next project is to implement version control for system
configuration files.  This can integrate with bsign, too, in that the
administrator can sign (bless) the edited config files as part of the
standard process.  If someone is really paranoid, he can use a
smartcard for signature generation and/or a NFS mount of the system
being adminstered to isolate encryption from a vulnerable system.

Reply to:

Follow-Ups:
- Re: Contrasting BSIGN and TRIPWIRE
  - From: Jason Gunthorpe <jgg@ualberta.ca>
- Versioned Conffiles was Re: Contrasting BSIGN and TRIPWIRE
  - From: John Lines <john@paladin.demon.co.uk>

Prev by Date: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Next by Date: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Previous by thread: Re: Intent to package IMP
Next by thread: Re: Contrasting BSIGN and TRIPWIRE
Index(es):
- Date
- Thread