From owner-freebsd-security Fri Sep 17 6:31:26 1999
Message-ID: <7011ACE3864AD31183E50008C7FA081F01D4D0@ISIMAIN>
From: Michael Grommet
To: "'Harry M. Leitzell'", 'Brett Glass'
Cc: 'Liam Slusser', 'Kenny Drobnack', "'security@FreeBSD.ORG'"
Subject: RE: BPF on in 3.3-RC GENERIC kernel
Date: Fri, 17 Sep 1999 08:29:15 -0500

Just to add my 2 cents worth, I've always been able to store the tripwire
database on a floppy, physically write protected :)
I suppose if you had lots and lots of files for tripwire to keep track of,
this wouldn't work, but hey, even if someone is more advanced than your
average script kiddie, they still won't be able to overwrite the info.

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Harry M. Leitzell
Sent: Thursday, September 16, 1999 8:28 PM
To: Brett Glass
Cc: Liam Slusser; Kenny Drobnack; security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel

No offense, but tripwire is really a bit overrated except if the person is
a script child and hasn't a clue as to what to do. If tripwire hasn't
been set up with the db set on a readonly disk partition and you gain
root, you can set up a KLM to change the db on the fly.

On Thu, 16 Sep 1999, Brett Glass wrote:

> At 04:14 PM 9/16/99 -0700, Liam Slusser wrote:
>
> >Right...but if the system was hacked what would stop the hacker from
> >building BPF in a kernel?
>
> securelevel=2 or securelevel=3.
>
> Or Tripwire.
>
> --Brett
>

[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]
Harry M. Leitzell - Harry_M_Leitzell@cmu.edu
Carnegie Mellon University
Finger for PGP Public Key
[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
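
Added example, not part of the original thread and not Tripwire's own code: a simplified hash-baseline checker showing why the messages above want the integrity database on write-protected media. The file names, the JSON database format and the `demo` scenario are constructed for illustration; the in-memory `offline` copy stands in for the write-protected floppy.

```python
import hashlib, json, os, tempfile

def build_baseline(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(path, root)] = digest
    return baseline

def verify(root, baseline):
    """Return sorted paths added, removed or modified since the baseline."""
    current = build_baseline(root)
    return sorted(p for p in set(current) | set(baseline)
                  if current.get(p) != baseline.get(p))

def demo():
    """Constructed scenario: one monitored file, two copies of the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "monitored")
        os.makedirs(os.path.join(root, "bin"))
        target = os.path.join(root, "bin", "login")
        with open(target, "w") as fh:
            fh.write("original binary\n")

        # Copy 1: database kept on the same writable disk as the system.
        db_path = os.path.join(tmp, "baseline.json")
        with open(db_path, "w") as fh:
            json.dump(build_baseline(root), fh)
        # Copy 2: stands in for the write-protected floppy; never rewritten.
        offline = build_baseline(root)

        # Someone with root changes the file, then regenerates the writable db.
        with open(target, "w") as fh:
            fh.write("trojaned binary\n")
        with open(db_path, "w") as fh:
            json.dump(build_baseline(root), fh)

        with open(db_path) as fh:
            writable_result = verify(root, json.load(fh))
        return writable_result, verify(root, offline)

if __name__ == "__main__":
    writable, offline = demo()
    print("writable database reports:", writable)
    print("write-protected copy reports:", offline)
```

The check against the writable database reports no changes, while the check against the copy that could not be rewritten flags the modified file.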