
Re: checking system integrity



On Fri, Feb 09, 2001 at 09:25:13AM -0600, Manoj Srivastava wrote:

> >>"Brian" == Brian May <bam@debian.org> writes:
> 
>  Brian> For example, what is to stop me, as the attacker, from replacing the
>  Brian> tripwire binary, so that it appears to do all the checks OK, but fails
>  Brian> to report any differences?
> 
> 	My solution to this eternal who shall watch the watcher
>  problem is to md5sum the database and the binary, and detach-sign
>  that file.  I verify the database and binary at random times
>  (basically, whenever I think about it).

Verifying the database is the easy part; it can be done completely offline, on
an isolated system.  The hard part is verifying the system against the
database, with a definitive answer as to whether anything has changed _or not_.

-- 
 - mdz
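
The manifest-and-detached-signature check discussed in this thread, as an added example that is not from either poster. It uses SHA-256 in place of md5sum and assumes `gpg` is on the PATH for `signature_ok`; the file name `tw.db` and the sample contents are constructed.

```python
import hashlib
import subprocess
import tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of a file (the binary and database are small enough to read whole)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_manifest(paths):
    """Manifest text in the 'HEX  PATH' layout that sha256sum -c reads."""
    return "".join(f"{digest(p)}  {p}\n" for p in sorted(map(str, paths)))

def signature_ok(manifest_file, sig_file):
    """True if gpg accepts sig_file as a detached signature on manifest_file."""
    cmd = ["gpg", "--verify", str(sig_file), str(manifest_file)]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def check_manifest(manifest_text):
    """Return {path: 'ok' | 'changed' | 'missing'} for every listed file.
    Malformed or empty input raises, so a truncated manifest never reads as clean."""
    report = {}
    for line in manifest_text.splitlines():
        recorded, sep, path = line.partition("  ")
        if not sep or len(recorded) != 64 or not path:
            raise ValueError(f"malformed manifest line: {line!r}")
        if not Path(path).is_file():
            report[path] = "missing"
        else:
            report[path] = "ok" if digest(path) == recorded else "changed"
    if not report:
        raise ValueError("manifest lists no files")
    return report

def demo():
    """Constructed stand-ins for the checker binary and its database."""
    with tempfile.TemporaryDirectory() as d:
        binary, db = Path(d, "tripwire"), Path(d, "tw.db")
        binary.write_bytes(b"constructed binary")
        db.write_bytes(b"constructed database")
        manifest = build_manifest([binary, db])  # sign this file with gpg --detach-sign
        binary.write_bytes(b"constructed binary, replaced")  # simulated change
        db.unlink()                                          # simulated removal
        return {Path(p).name: s for p, s in check_manifest(manifest).items()}

if __name__ == "__main__":
    print(demo())
```

Run the check from trusted media or an isolated system, and only after `signature_ok` has accepted the manifest; a checker running on the system it inspects is subject to the replacement Brian describes.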


