From: Eirik Øverby
Date: Mon, 13 Dec 2010 10:02:16 +0100
To: Michael Scheidell
Cc: freebsd-security@freebsd.org, Micheas Herman
Subject: Re: any interest in tripwire commercial?

On Dec 11, 2010, at 17:03, Michael Scheidell wrote:

>> Probably.
>>
>>> > does everyone put 32 bit compatibility libraries in their amd64 builds?
>>> > ______
>> Never, unless running closed source software. It seems to triple your
>> attack surface area.
>>
> then the answer is "no" you would not want an i386 version since you need to put 32bit compatibility in if this is all tripwire supports.
> Sometimes, it's easier to get a vendor to release compiled binaries if you tell them you can support:
> 7.1 - 8.x, i386/amd, with a single i386/32 bit binary.
>
> to tell them the need to maintain 8 versions is harder.
>
> doesn't really too much matter, It looks like only you and me are interested. with that huge response, I guess it's never going to happen.

It really depends what the final product would cost, if it would be supported and maintained on 64-bit 8.x, with future commitment to support 9.x. It also depends what added value this package would have compared to 'portmaster security/tripwire' or similar.

In any case we would be interested if this would provide significant and real (security/manageability) advantages compared to our current "freebsd-update IDS" model (no, not only freebsd-update IDS, but some added magic to make it a bit more resilient and reliable).

PCI DSS and other security standards specifically mention tripwire so it would make life easier if we could tick the box saying 'yes we use tripwire'.

/Eirik