
Re: Debian auditing tool?



On Friday, 2000-12-22 at 00:11:38 +1100, Peter Eckersley wrote:

> I understand the requirement for read-only media.  Tripwire should give
> me a "clean" snapshot of a system.  But when I administer a machine, I
> regularly make changes to the "clean" image.  If I want tripwire to
> track this, I must do the following every time I want to update the
> system:

> 1.  Reboot with a clean kernel
> 2.  Run tripwire with my read-only record
> 3.  Install my Debian packages
> 4.  Update my read-only record

Have a look at (Free)Veracity. While the license may hurt an Open Source
or Free Software activist's feelings, the tool seems to do what (probably
not only) I have been missing in Tripwire - remote checks. The database
can reside on a different machine. Given that Veracity offers a number
of checksumming algorithms, it would be quite hard to fool it.

I can still imagine a scenario how to defeat this, but it's definitely
better than running tripwire with a mutable database, or having
a trained monkey write-enable the floppy when needed. (At my clients,
monkeys are in short supply.)

Commercial/non-free Veracity is at
	http://www.veracity.com/
and Free Veracity is at
	http://www.freeveracity.org/

Lupe Christoph
-- 
| lupe@lupe-christoph.de       |        http://free.prohosting.com/~lupe |
| The equal opportunity democracy - every vote has an equal chance       |
| of being counted. Though a bad one if you live in Florida.             |
| Those people told us how to run a democracy ?!?                        |


