RE: Tripwire output on Solaris 2.7

From: McAllister, Andrew (McAllisterA@umsystem.edu)
Date: 10/12/01


Message-ID: <0446E3CEA580B2449829336B03DC259B7305@um-mailnode1.um.umsystem.edu>
From: "McAllister, Andrew" <McAllisterA@umsystem.edu>
To: focus-sun@securityfocus.com
Subject: RE: Tripwire output on Solaris 2.7
Date: Fri, 12 Oct 2001 08:51:31 -0500


> -----Original Message-----
> From: Darren J Moffat [mailto:Darren.Moffat@eng.sun.com]
snip
>
> Also don't keep the tripwire databases online, by doing so you are
> completely wasting your time running tripwire because all the hacker
> has to do is modify the tripwire database.
snip
Lots of folks are recommending that Tripwire DB files be kept off-line or on
read-only media.

Correct me if I'm wrong, but this was only a problem with the academic (1.3)
release of Tripwire, no? The 2.x versions encrypt and sign database files,
report files, policy files and configuration files. Did I miss an
announcement that the 2.x versions of Tripwire are still susceptible to
tampering?

Andrew McAllister
University of Missouri


