Re: file permission question

From: f.johan.beisser (jan@caustic.org)
Date: 10/02/01


Date: Mon, 1 Oct 2001 21:34:13 -0700 (PDT)
From: "f.johan.beisser" <jan@caustic.org>
To: David Kirchner <davidk@accretivetg.com>

On Mon, 1 Oct 2001, David Kirchner wrote:

> On Mon, 1 Oct 2001, f.johan.beisser wrote:
>
> Running a file integrity check such as tripwire is also a good idea - as
> long as you run tripwire from a read-only floppy or something similar that
> is. :-)

excellent point, one that i totally flaked on. although, tripwire is only
semi-preventative, it's more of a manner of making sure that someone has
been able to change either binaries or directories on the server.

sadly, it can't help with changed files.

there are some excellent documents on 'hardening' your OS-of-choice out
there, including some on hardening FreeBSD. a quick google search should
turn some up.

i would suggest reading some of the infomation available on
SecurityFocus.com's site.

-- jan

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan jan@caustic.org
   "if my thought-dreams could be seen..
       "they'd probably put my head in a gillotine"
             -- Bob Dylan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • RE: File Integrity Monitoring
    ... Tripwire should meet most people file integrity requirements, ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ...
    (Security-Basics)
  • RE: MS binary integrity baseline
    ... Tripwire performs file integrity checks as well as registry checks, ... aware of a tool that Microsoft has that does this like rpm does for RedHat. ...
    (Focus-Microsoft)
  • RE: [Full-disclosure] Microsoft GhostBuster Opinions
    ... > runs a file integrity check on certain files and reports the ... > by a rootkit that's been designed to evade file integrity ... > checkers such as tripwire. ... new Microsoft products uses, but as people have stated, this can be done ...
    (Full-Disclosure)
  • RE: System Scanner versus Tripwire.
    ... Subject: System Scanner versus Tripwire. ... it monitors file integrity so if there is a change you will be ... Tripwire is not a scanner - it is a file integrity HIDS solution. ...
    (Security-Basics)
  • Re: [Full-disclosure] one of my servers has been compromized
    ... way to detect root kits properly, but that it obviously needs installing ... tripwire needs to be installed on a known-good system. ... re-run tripwire to report all changed files ...
    (Full-Disclosure)