RE: Tripwire output on Solaris 2.7

From: Ed Arnold (era@ucar.edu)
Date: 10/16/01


Date: Tue, 16 Oct 2001 13:18:36 -0600 (MDT)
From: Ed Arnold <era@ucar.edu>
To: "McAllister, Andrew" <McAllisterA@umsystem.edu>
Subject: RE: Tripwire output on Solaris 2.7
Message-ID: <Pine.SOL.4.10.10110161255580.9406-100000@sedona.scd.ucar.edu>

On Fri, 12 Oct 2001, McAllister, Andrew wrote:

> Correct me if I'm wrong, but this was only a problem with the academic (1.3)
> release of Tripwire, no? The 2.x versions encrypt and sign database files,
> report files, policy files and configuration files. Did I miss an
> announcement that the 2.x versions of Tripwire are still susceptible to
> tampering?
>
> Andrew McAllister
> University of Missouri

All the 2.x versions (current is 2.4.0) support encrypted policy
and database. So all a cracker can do is delete them ... unless
you typed your public and private passwords over a cleartext link ...

TW-1.3 can be made "pretty safe" if you put your tripwire tree on
a switchable ro/rw disk. Making most external disks switchable
is a simple hardware mod. I have a software utility for switching
between ro and rw mode while the system (Solaris 7 and up) is up and
running, if anyone wants it.