Re: Debian auditing tool?
On Friday, 2000-12-22 at 00:11:38 +1100, Peter Eckersley wrote:
> I understand the requirement for read-only media. Tripwire should give
> me a "clean" snapshot of a system. But when I administer a machine, I
> regularly make changes to the "clean" image. If I want tripwire to
> track this, I must do the following every time I want to update the
> system:
> 1. Reboot with a clean kernel
> 2. Run tripwire with my read-only record
> 3. Install my Debian packages
> 4. Update my read-only record
Have a look at (Free)Veracity. While the license may hurt an Open Source
or Free Software activist's feelings, the tool seems to do what (probably
not only) I have been missing in Tripwire - remote checks. The database
can reside on a different machine. Given that Veracity offers a number
of checksumming algorithms, it would be quite hard to fool it.
I can still imagine a scenario how to defeat this, but it's definitely
better than running tripwire with a mutable database, or having
a trained monkey write-enable the floppy when needed. (At my clients,
monkeys are in short supply.)
Commercial/non-free Veracity is at
http://www.veracity.com/
and Free Veracity is at
http://www.freeveracity.org/
Lupe Christoph
--
| lupe@lupe-christoph.de | http://free.prohosting.com/~lupe |
| The equal opportunity democracy - every vote has an equal chance |
| of being counted. Though a bad one if you live in Florida. |
| Those people told us how to run a democracy ?!? |
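
The approach discussed in this message (a checksum database held away from the monitored machine, several digest algorithms per file), as an added Python sketch that is not part of the original post and is not Veracity's code or file format. The function names, the two chosen algorithms and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

ALGORITHMS = ("sha256", "blake2b")  # assumption: any set of independent digests


def snapshot(root):
    """Return {relative_path: {algorithm: hexdigest}} for regular files under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            hashers = [hashlib.new(a) for a in ALGORITHMS]
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    for h in hashers:
                        h.update(chunk)
            rel = os.path.relpath(path, root)
            manifest[rel] = {a: h.hexdigest() for a, h in zip(ALGORITHMS, hashers)}
    return manifest


def compare(baseline, current):
    """Diff a trusted baseline (kept off the monitored host) against a fresh snapshot."""
    report = {"added": [], "removed": [], "modified": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif baseline[rel] != current[rel]:  # flagged if ANY digest differs
            report["modified"].append(rel)
    return report


def demo():
    """Constructed sample tree: take a baseline, tamper, compare."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("login", "ls", "ps"):
            Path(root, name).write_bytes(b"original")
        baseline = snapshot(root)  # in practice kept on the checking host
        Path(root, "login").write_bytes(b"replaced")  # modified
        Path(root, "ps").unlink()                     # removed
        Path(root, "extra").write_bytes(b"new")       # added
        return compare(baseline, snapshot(root))
```

The comparison is only as trustworthy as the place the baseline lives and the code that computes the fresh snapshot, which is the residual risk the message alludes to.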