From: Calvin NG
To: Eric F Crist
Cc: 'Klaus Steden', 'Maxlor', freebsd-security@FreeBSD.ORG
Date: Wed, 19 Jun 2002 12:57:40 +0800
Subject: Re: preventing tampering with tripwire

Greetings,

for me, I do an MD5 hash of the files in /var/adm/tcheck/database, plus keep a copy of the files offsite. the MD5 lets me easily verify that the tripwire databases are still reliable, and I know I got a reliable copy somewhere if it happens to get compromised, or I got paranoia. whichever happens first ;-)

Regards,
/calvin

lines with :> are quotes from Eric F Crist's email

:> AFAIK, you could use a simple floppy disk, possibly a secondary one if
:> you use the primary one (they're only like $20 US nowadays...). That
:> makes the setting and un-setting of read-only fairly simple.
:>
:> I don't remember how big tripwire (the executable) and its config files
:> are, or you *could* use a ZIP disk.
:>
:> Eric F Crist
:> President/Sys Admin
:> AdTech Integrated Systems, Inc
:> http://www.adtechintegrated.com
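The check described in the message above (hash the files in the tripwire database directory, then compare later against a trusted record), sketched as an added example that is not part of the original email. The function names and the manifest path are hypothetical, SHA-256 is swapped in for the MD5 the post mentions, and storing the manifest with the offsite copy is an assumption.

```shell
#!/bin/sh
# Added example (not from the original email). Function names are hypothetical.
# SHA-256 is used here in place of the MD5 the post mentions.

# Print the hex digest of one file using whichever tool the host provides.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1      # GNU coreutils
    else
        sha256 -q "$1"                        # FreeBSD base system
    fi
}

# Emit "digest  ./relative/path" for every file under directory $1, sorted.
make_manifest() {
    (
        cd "$1" || exit 2
        find . -type f | LC_ALL=C sort | while IFS= read -r f; do
            printf '%s  %s\n' "$(hash_file "$f")" "$f"
        done
    )
}

# Compare directory $1 with trusted manifest $2. Prints one line per
# difference (MODIFIED/ADDED/MISSING) and returns 1 if any were found.
# Assumes file names without whitespace, as awk splits on blanks.
verify_manifest() {
    report=$(make_manifest "$1" | awk '
        FILENAME == ARGV[1] { want[$2] = $1; next }   # trusted manifest
        {                                             # current state (stdin)
            seen[$2] = 1
            if (!($2 in want))       print "ADDED", $2
            else if (want[$2] != $1) print "MODIFIED", $2
        }
        END { for (f in want) if (!(f in seen)) print "MISSING", f }
    ' "$2" -)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage (the manifest path is an assumption; keep it off the monitored host):
#   make_manifest /var/adm/tcheck/database > /mnt/offsite/tcheck.manifest
#   verify_manifest /var/adm/tcheck/database /mnt/offsite/tcheck.manifest
```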