Re: checking system integrity
On Fri, Feb 09, 2001 at 08:10:58AM +0100, Andreas Tille wrote:
> On 9 Feb 2001, Brian May wrote:
> > Then again, looking at tripwire, I can't see what protects the
> > tripwire executable from being tampered with either. I don't think it
> > is possible unless you can mount it from some media that is guaranteed
> > to be read-only (e.g. write-protected floppy disk or read-only exported
> > NFS).
> I wouldn't trust NFS on a secure system. I think protected floppy
> disk or CD is better. According to secure tripwire what about starting
> tripwire from a script on the write-protected medium which compares
> MD5 sum of tripwire first?
If the system has been compromised, you can't even trust executables on secure
media, as you can't be sure that you're actually executing what you think