Date: Wed, 19 Jun 2002 12:57:40 +0800 From: Calvin NG <calvinng@brel.com> To: Eric F Crist <ecrist@adtechintegrated.com> Cc: 'Klaus Steden' <klaus@compt.com>, 'Maxlor' <mail@maxlor.com>, freebsd-security@FreeBSD.ORG Subject: Re: preventing tampering with tripwire Message-ID: <20020619125740.L73593@brel.com> In-Reply-To: <000b01c2174a$a75d8d20$77fe180c@armageddon>; from ecrist@adtechintegrated.com on Tue, Jun 18, 2002 at 11:34:46PM -0500 References: <20020618194958.K99167@cthulu.compt.com> <000b01c2174a$a75d8d20$77fe180c@armageddon>
next in thread | previous in thread | raw e-mail | index | archive | help
Greetings, for me, I do a MD5 has of the files in /var/adm/tcheck/database, plus keep a copy of the files offsite. ths MD5 lets me easily verify that the tripwire databases are still reliable, and I know I got a reliable copy somewhere if it happens to get compromised, or I got paranoia. which ever happens first ;-) Regards, /calvin lines with :> are quotes from Eric F Crist's email :> AFAIK, you could use a simply floppy disk, possibly a secondary one if :> you use the primary one (they're only like $20 US now a days...). That :> make the setting and un-setting of read-only fairly simple. :> :> I don't remember how big tripwire (the executable) and its config files :> are, or you *could* use a ZIP disk. :> :> Eric F Crist :> President/Sys Admin :> AdTech Integrated Systems, Inc :> http://www.adtechintegrated.com :> :> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020619125740.L73593>