Date:      Tue, 18 Jun 2002 23:34:46 -0500
From:      "Eric F Crist" <ecrist@adtechintegrated.com>
To:        "'Klaus Steden'" <klaus@compt.com>, "'Maxlor'" <mail@maxlor.com>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   RE: preventing tampering with tripwire
Message-ID:  <000b01c2174a$a75d8d20$77fe180c@armageddon>
In-Reply-To: <20020618194958.K99167@cthulu.compt.com>

AFAIK, you could use a simple floppy disk, possibly a secondary one if
you use the primary one (they're only like $20 US nowadays...).  That
makes the setting and un-setting of read-only fairly simple.

I don't remember how big tripwire (the executable) and its config files
are, or you *could* use a ZIP disk.

Eric F Crist
President/Sys Admin
AdTech Integrated Systems, Inc
http://www.adtechintegrated.com


-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Klaus Steden
Sent: Tuesday, June 18, 2002 6:50 PM
To: Maxlor
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: preventing tampering with tripwire

Read-only media is a good thing, too.

It may be overkill (in the case of security, is there such a thing,
though?), but you could re-purpose an old disk drive, add security tools
you want to it, and jumper it read-only. That wouldn't necessarily prevent
your database from being compromised, but your tools would be intact.

With a read-only disk, I would ...

- install the security tools you want on it
- generate any baseline configuration data and signatures
- make the disk physically read-only
- run your nightly cron jobs, comparing your daily results against your
read-only baseline.

Of course, every time you upgrade something, you'll have to unjumper the
disk, update your signatures, and rejumper it, but that's not really such
a big deal when compared with what else you might have to do. :>

Keeping known good copies of essential programs (ls, find, dd, netstat,
route, ifconfig, mv, cp, df, etc.) on the read-only media is a good idea,
too.

You could accomplish this with CDROMs if you don't want to use a disk
drive, but you lose the option of rewritability.

hope this helps,
Klaus

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
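The baseline-and-compare routine Klaus lays out (generate signatures, park them on read-only media, have a nightly cron job compare the live system against them), as an added shell example that is not code from the thread or from tripwire: `make_baseline` records a SHA-256 per file, `check_baseline` reports what changed, went missing, or appeared since. It assumes the baseline file sits on the read-only media after it is written, and that either GNU `sha256sum` or FreeBSD `sha256` is available; the directory and file names in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal baseline-and-compare
# integrity check following the steps Klaus lists. The baseline file is
# assumed to be written once and then kept on media that is made read-only
# (the directory names below are constructed placeholders).
#
#   make_baseline  /usr/bin  /mnt/ro/baseline.tsv     # step 2, media writable
#   check_baseline /usr/bin  /mnt/ro/baseline.tsv     # step 4, from cron
#
# Limitation: paths containing a tab or newline are not handled.

# Print the SHA-256 of one file, portable across GNU (sha256sum),
# FreeBSD (sha256 -q) and Perl (shasum) userlands.
file_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Record "hash<TAB>path" for every regular file under $1 into $2, sorted by
# path so two baselines can be diffed directly.
make_baseline() {
    dir=$1; out=$2
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$(file_hash "$f")" "$f"
    done > "$out"
}

# Compare the live tree $1 against baseline $2. Prints one line per
# difference (CHANGED / MISSING / NEW path) and returns 1 if any were
# found, 0 if the tree still matches the baseline.
check_baseline() {
    dir=$1; base=$2
    cur=$(mktemp)
    make_baseline "$dir" "$cur"
    status=0
    # awk loads the baseline into a table, then walks the current listing.
    if ! awk -F'\t' '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # first file: baseline
        {
            seen[$2] = 1
            if (!($2 in base))       { print "NEW " $2;     diff = 1 }
            else if (base[$2] != $1) { print "CHANGED " $2; diff = 1 }
        }
        END {
            for (p in base) if (!(p in seen)) { print "MISSING " p; diff = 1 }
            exit diff ? 1 : 0
        }' "$base" "$cur"; then
        status=1
    fi
    rm -f "$cur"
    return $status
}
```

Because the comparison tool itself lives on the writable system here, it carries the same trust caveat Klaus raises for the database: the tools used to run the check (sh, awk, find, the hash utility) belong on the read-only media alongside the baseline, and the cron job should invoke them from there by absolute path.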