Re: checking system integrity
On 9 Feb 2001, Brian May wrote:
> Then again, looking at tripwire, I can't see what protects the
> tripwire executable from being tampered with either. I don't think it
> is possible unless you can mount it from some media that is guaranteed
> to be read-only (eg write protected floppy disk or read-only exported
I wouldn't trust NFS on a secure system. I think protected floppy
disk or CD is better. According to secure tripwire what about starting
tripwire from a script an the write-protected medium which compares
MD5 sum of tripwire first?
To one item of your initial question: I don't know how tripwire
handles symlinks. But storing MD5-sum of `readlink <symlink>` should
be sufficient in my opinion.
Anybody could find the time to check how tripwire handles this?