Bastille and tiger
---------------------------- Original Message ----------------------------
Subject: Bastille and tiger
From: jmm19@humboldt.edu
Date: Wed, July 14, 2004 8:11 am
To: debian-firewall-request@lists.debian.org
--------------------------------------------------------------------------
Greetings friends,
1)I need to have bastille-firewall to start a boottime. I linked
/etc/init.d/bastille-firewall to /etc/rcd.2 I also linked to rcd.2 and
rcd.5 after a runlevel gave me 2. However, I don't see the script at
booting time starting automatically.
2)I don't know if this is an appropriate question for this list. If not I
need to know which list should be the better on for this question. Tiger
auditing report states that some files in /bin for example have a diffrent
md5sum than the ones installed. I initialized the tiger database previous
to that with a tiger -m -i successfully. After the report, I compared the
md5sum of chmod with a md5sum I had on another partition (copied from the
partition tiger is auditing) and the md5sums are
different.
2 points:
a) At one point, I pinned debian and had packages of different sources
(stable testing, unstable). Now my apt-sources contain ony stable. Could
this be the culprit for that report? Even after initializing the database?
b) Should I assume system compromise or false positive?
Thanks,
Joe M.
Reply to: