[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tripwire

* N. Raghavendra (raghu@mri.ernet.in) spake thusly:
> Hello debian-user,
> I have just installed the tripwire package. Two questions:
> 1. The directory /usr/lib/tripwire/databases was empty, so I
> created a database by doing 'tripwire -initialize'. It looks like
> this is a necessary step, because /etc/cron.daily tripwire says
> "do not run if there is no database file". I am puzzled about why
> there was no instruction to do this during the installation or in
> the README.debian file. Was I doing something unnecessary?
> 2. The file README.debian says, "Please make sure you make
> /usr/lib/tripwire a read-only mount point." How do I do this? (It
> is not a separate filesystem like /usr or /tmp.)

The idea is to have the database somewhere where Evil Hackers(tm) can't
get to it. How you do it depends on your level of paranoia: from simply
chattr +i /usr/lib/tripwire/databases/tw.db (lax security) to storing 
the database on a write-protected floppy, or burning it onto a CDR 
(paranoid setup). Presumably README refers to the paranoid option.

E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
I'm going to exit now since you don't want me to replace the printcap. If you 
change your mind later, run                         -- magicfilter config script

Reply to: