Date: Tue, 18 Jun 2002 19:49:59 -0400
From: Klaus Steden <klaus@compt.com>
To: Maxlor <mail@maxlor.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: preventing tampering with tripwire
Message-ID: <20020618194958.K99167@cthulu.compt.com>
In-Reply-To: <27700541.1024450071@[10.0.0.16]>; from mail@maxlor.com on Wed, Jun 19, 2002 at 01:27:51AM +0200
References: <27700541.1024450071@[10.0.0.16]>

Read-only media is a good thing, too. It may be overkill (in the case of security, is there such a thing, though?), but you could re-purpose an old disk drive, add security tools you want to it, and jumper it read-only. That wouldn't necessarily prevent your database from being compromised, but your tools would be intact.

With a read-only disk, I would ...

- install the security tools you want on it
- generate any baseline configuration data and signatures
- make the disk physically read-only
- run your nightly cron jobs, comparing your daily results against your read-only baseline.

Of course, every time you upgrade something, you'll have to unjumper the disk, update your signatures, and rejumper it, but that's not really such a big deal when compared with what else you might have to do. :>

Keeping known good copies of essential programs (ls, find, dd, netstat, route, ifconfig, mv, cp, df, etc.) on the read-only media is a good idea, too.

You could accomplish this with CDROMs if you don't want to use a disk drive, but you lose the option of rewritability.

hope this helps,
Klaus

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020618194958.K99167>
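
The baseline-and-nightly-compare procedure from the message above, as an added example that is not part of the original post and is a simplified stand-in for tripwire, not tripwire itself. The mount point `/mnt/ro`, the manifest file name and the `HASH  PATH` manifest format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. RO_MOUNT, the manifest location and
# the "HASH  PATH" manifest format are assumptions made for illustration.
RO_MOUNT="${RO_MOUNT:-/mnt/ro}"   # hypothetical mount point of the jumpered disk

# Hash one file, preferring a known-good binary kept on the read-only disk.
hash_file() {
    if [ -x "$RO_MOUNT/bin/sha256" ]; then
        "$RO_MOUNT/bin/sha256" -q "$1"          # FreeBSD sha256(1) from trusted media
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                          # FreeBSD base system
    else
        sha256sum "$1" | cut -d' ' -f1          # GNU coreutils fallback
    fi
}

# make_baseline DIR MANIFEST: run once, while the disk is still writable.
make_baseline() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done > "$2"
}

# report MANIFEST DIR: print one line per deviation from the baseline.
report() {
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
        elif [ "$(hash_file "$path")" != "$want" ]; then
            echo "CHANGED $path"
        fi
    done < "$1"
    # Files that appeared after the baseline was taken (path starts at column 67).
    find "$2" -type f | sort | while IFS= read -r f; do
        cut -c67- "$1" | grep -qxF -- "$f" || echo "ADDED $f"
    done
}

# check_baseline MANIFEST DIR: nightly cron entry point; returns 1 on any finding.
check_baseline() {
    out=$(report "$1" "$2")
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}
# Example cron use: check_baseline "$RO_MOUNT/baseline.sha256" /usr/local/sbin
```

Because cron mails any output to the job's owner, a clean night stays silent and any `CHANGED`, `MISSING` or `ADDED` line arrives as a report.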