On Thu, Aug 14, 2008 at 10:51:56PM +0100, Adam Hardy wrote:
Adam Hardy on 13/08/08 10:27, wrote:
apt-cache show tripwire Description: file and directory integrity
checker Tripwire is a tool that aids system administrators and users
in monitoring a designated set of files for any changes. Used with
system files on a regular (e.g., daily) basis, Tripwire can notify
system administrators of corrupted or tampered files, so damage
control measures can be taken in a timely manner.
I don't have access to a floppy or cdrom drive - the server is hosted
somewhere at an ISP. I think any cracker would just re-run tripwire
if they found it installed.
The only suggestion so far is that I script a solution (or adapt existing ones).
Have you looked at harden-doc and its friends in archive. (Many are
virtual packages to lead you to the good tools) tripwire is just one of
the tools.
I do not think you need to have CDROM to be sure and your quick
scripting may not come close to tripwire which protect itself with
cryptographies.
Even for simple hush you do not need home made hush. Have you looked
at debsum? If a pakage is tampered, debsum gets updated and detectable.