
Re: Tripwire in bin-directory?



On Wed, May 24, 2000 at 10:29:19AM -0500, Ted Cabeen wrote:
> In message <392BF3DE.F860D5E9@interface-business.de>, Thomas Guettler writes:
> >Michael Meskes wrote:
> >> > With ztripwire the database and the binaries fit onto a 1.44MB floppy,
> >> > which
> >> 
> >> But only if your database is rather small. I ran out of space sometimes.
> >
> >Yes, I exclude /home and /dev and directories containing docu.
> >BTW, why protect /dev at all?
> 
> Many rootkits like to drop setuid root shells in there among the device 
> files.  I have to exclude the entirety of /usr/share to get under 1.44MB.  

You could always format the floppy to a larger capacity, say, 1.72MB or
larger. I have done this in the past to hold my database.

> Anyone have a good example config for floppy tripwire?  I use bzip2 for 
> compression, which helps somewhat, but I still have to cut out way too much.  
> I really should get that remote tripwire system set up.

You should be able to go considerably larger than 1.44MB on a standard HD
floppy, perhaps as high as 1.9MB.

-- 
--Brad
============================================================================
Bradley M. Alexander                     |   Co-Chairman,
Beowulf System Admin/Security Specialist |    NoVALUG/DCLUG Security SIG
Winstar Telecom                          |   balexander@winstar.com
(703) 889-1049                           |   storm@tux.org
============================================================================
If the enemy is in range, so are you.
						--Murphy's Laws of Combat
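
An added example, not part of the original message or of Tripwire: when /dev is left out of the database to save floppy space, a separate check can still flag regular files (setuid ones in particular) sitting among the device nodes, which is the rootkit habit mentioned in the quoted text. The function name, the `allow` parameter and the sample tree are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def scan_device_dir(root, allow=frozenset()):
    """Return sorted (relative path, reason) for regular files under root.

    A device directory should hold device nodes, FIFOs, sockets, symlinks and
    subdirectories; `allow` (hypothetical parameter) lists known-good
    exceptions by path relative to root.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                mode = os.lstat(path).st_mode   # lstat: never follow symlinks
            except OSError:
                continue                         # vanished during the walk
            if not stat.S_ISREG(mode) or rel in allow:
                continue
            if mode & (stat.S_ISUID | stat.S_ISGID):
                reason = "setuid/setgid regular file"
            elif mode & 0o111:
                reason = "executable regular file"
            else:
                reason = "regular file"
            findings.append((rel, reason))
    return sorted(findings)

def demo():
    """Run the scan over a constructed tree standing in for /dev."""
    with tempfile.TemporaryDirectory() as root:
        os.mkfifo(os.path.join(root, "initctl"))           # FIFO: ignored
        os.symlink("initctl", os.path.join(root, "link"))  # symlink: ignored
        os.mkdir(os.path.join(root, "pts"))
        for rel, mode in (("pts/.sh", 0o4755), ("notes", 0o644),
                          ("MAKEDEV", 0o755)):
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        return scan_device_dir(root, allow={"MAKEDEV"})

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

Run it against the real /dev from trusted media, with `allow` set to whatever regular files the distribution legitimately ships there.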
