Date: Wed, 19 Jun 2002 02:12:33 +0200
From: Maxlor
To: Baldur Gislason
Cc: "freebsd-security@freebsd.org"
Subject: Re: preventing tampering with tripwire
Message-ID: <30381786.1024452753@[10.0.0.16]>
In-Reply-To: <20020618234139.D1F422744@tesla.foo.is>

As I read that, I thought "Doh". That's really pretty much the ideal
solution... And if an attacker has physical access to my machine, well, he
can do pretty much anything he wants anyway. Thanks!

--On Tuesday, 18 June 2002 23:40 +0000 Baldur Gislason wrote:

> use kern.securelevel 1 or higher and man chflags, set the tripwire binary
> schg so it cannot be tampered with. Of course there's no such thing as
> absolute security, but this moves you just a step closer. Unless the
> intruder performs a reboot and makes his changes before the kernel
> securelevel is raised on boot.
>
> Baldur
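
An added example, not part of the original thread: a small audit script for the setup Baldur describes, reporting whether a file carries `schg` and whether the running securelevel actually prevents root from clearing it. The function names `verdict` and `audit` and the path `/usr/local/sbin/tripwire` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed setup on the FreeBSD host:
#   chflags schg /usr/local/sbin/tripwire        # path is an assumption
#   /etc/rc.conf: kern_securelevel_enable="YES"
#                 kern_securelevel="1"

# verdict SECURELEVEL FLAGS
# FLAGS is the comma-separated flag list printed by `stat -f %Sf`
# (for example "schg" or "schg,uarch"; "-" when no flags are set).
# Prints one word: protected | flag-removable | unprotected
verdict() {
    level=$1
    flags=$2
    case ",$flags," in
        *,schg,*) has_schg=1 ;;
        *)        has_schg=0 ;;
    esac
    if [ "$has_schg" -eq 0 ]; then
        echo unprotected       # no system-immutable flag: root can replace the file
    elif [ "$level" -ge 1 ]; then
        echo protected         # schg cannot be cleared while securelevel >= 1
    else
        echo flag-removable    # securelevel <= 0: root can run chflags noschg
    fi
}

# audit FILE...   (FreeBSD only: reads the live kernel state)
# Returns 0 if every file is protected, 1 if any is not, 2 on lookup errors.
audit() {
    level=$(sysctl -n kern.securelevel) || return 2
    rc=0
    for f in "$@"; do
        flags=$(stat -f %Sf "$f") || { rc=2; continue; }
        v=$(verdict "$level" "$flags")
        printf '%s: securelevel=%s flags=%s -> %s\n' "$f" "$level" "$flags" "$v"
        [ "$v" = protected ] || rc=1
    done
    return $rc
}

# Run the live audit only on FreeBSD and only when files were named.
if [ "$(uname -s)" = FreeBSD ] && [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

A `flag-removable` result corresponds to the window mentioned in the quoted message: until the securelevel is raised during boot, the flag offers no protection against root.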