[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: checking system integrity

On 9 Feb 2001, Brian May wrote:

> Then again, looking at tripwire, I can't see what protects the
> tripwire executable from being tampered with either. I don't think it
> is possible unless you can mount it from some media that is guaranteed
> to be read-only (eg write protected floppy disk or read-only exported
> NFS).
I wouldn't trust NFS on a secure system.  I think protected floppy
disk or CD is better.  According to secure tripwire what about starting
tripwire from a script an the write-protected medium which compares
MD5 sum of tripwire first?

To one item of your initial question:  I don't know how tripwire
handles symlinks.  But storing MD5-sum of `readlink <symlink>` should
be sufficient in my opinion.
Anybody could find the time to check how tripwire handles this?

Kind regards


Reply to: