RE: Tripwire output on Solaris 2.7
From: Ed Arnold (era@ucar.edu)Date: 10/16/01
- Previous message: Brian Cervenka: "Re: FW: Tripwire output on Solaris 2.7"
- In reply to: McAllister, Andrew: "RE: Tripwire output on Solaris 2.7"
- Next in thread: Simon Crowther: "Re: Tripwire output on Solaris 2.7"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Oct 2001 13:18:36 -0600 (MDT) From: Ed Arnold <era@ucar.edu> To: "McAllister, Andrew" <McAllisterA@umsystem.edu> Subject: RE: Tripwire output on Solaris 2.7 Message-ID: <Pine.SOL.4.10.10110161255580.9406-100000@sedona.scd.ucar.edu>
On Fri, 12 Oct 2001, McAllister, Andrew wrote:
> Correct me if I'm wrong, but this was only a problem with the academic (1.3)
> release of Tripwire, no? The 2.x versions encrypt and sign database files,
> report files, policy files and configuration files. Did I miss an
> announcement that the 2.x versions of Tripwire are still susceptible to
> tampering?
>
> Andrew McAllister
> University of Missouri
All the 2.x versions (current is 2.4.0) support encrypted policy
and database. So all a cracker can do is delete them ... unless
you typed your public and private passwords over a cleartext link ...
TW-1.3 can be made "pretty safe" if you put your tripwire tree on
a switchable ro/rw disk. Making most external disks switchable
is a simple hardware mod. I have a software utility for switching
between ro and rw mode while the system (solaris 7 and up) is up and
running, if anyone wants it.
- Previous message: Brian Cervenka: "Re: FW: Tripwire output on Solaris 2.7"
- In reply to: McAllister, Andrew: "RE: Tripwire output on Solaris 2.7"
- Next in thread: Simon Crowther: "Re: Tripwire output on Solaris 2.7"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
