
Re: Tripwire in bin-directory?

In message <392BF3DE.F860D5E9@interface-business.de>, Thomas Guettler writes:
>Michael Meskes wrote:
>> > With ztripwire the database and the binaries fit onto a 1.44MB floppy,
>> > which
>> But only if your database is rather small. I ran out of space sometimes.
>Yes, I exclude /home and /dev and directories containing docu.
>BTW, why protect /dev at all?

Many rootkits like to drop setuid root shells in there among the device 
files.  I have to exclude the entirety of /usr/share to get under 1.44MB.  
Anyone have a good example config for floppy tripwire?  I use bzip2 for 
compression, which helps somewhat, but I still have to cut out way too much.  
I really should get that remote tripwire system set up.

Ted Cabeen           http://www.pobox.com/~secabeen         secabeen@pobox.com
Check Website or finger for PGP/GPG Public Key           secabeen@uchicago.edu
"I have taken all knowledge to be my province." -F. Bacon  secabeen@cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot        cabeen@netcom.com
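
Added example, not part of the original message: a check for the case the reply gives as the reason to keep /dev under integrity monitoring, namely regular files (setuid/setgid ones in particular) sitting among the device nodes. The function name `scan_devdir` and the output labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: list entries under a device directory that are regular
# files, separating setuid/setgid ones from the rest. A device directory
# normally holds device nodes, symlinks, directories, sockets and FIFOs,
# so any regular file there deserves a look.

# scan_devdir [DIR]   (hypothetical helper; DIR defaults to /dev)
# Prints one line per finding: "<LABEL> <path>"
scan_devdir() {
    dir=${1:-/dev}

    # -xdev keeps find on the filesystem that holds DIR, so separately
    # mounted tmpfs areas such as /dev/shm are not walked.
    # Pass 1: regular files with the setuid or setgid bit set.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SUID-SGID /'

    # Pass 2: every other regular file.
    find "$dir" -xdev -type f ! -perm -4000 ! -perm -2000 -print |
        sed 's/^/REGULAR /'
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    scan_devdir "$1"
fi
```

Some systems keep a few legitimate regular files in /dev, so compare the output against a listing taken from a known-good install before treating a REGULAR line as a finding.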
