From: Fernando Schapachnik
Message-Id: <199812111214.JAA25395@ns1.sminter.com.ar>
Subject: Re: tripwire was Re: append-only devices for logging
In-Reply-To: from James Wyatt at "Dec 10, 98 09:42:25 pm"
To: jwyatt@rwsystr.RWSystems.net (James Wyatt)
Date: Fri, 11 Dec 1998 09:14:32 -0300 (GMT)
Cc: reese@chem.duke.edu, freebsd-security@FreeBSD.ORG

In a previous message, James Wyatt wrote:
> On Thu, 10 Dec 1998, Charles Reese wrote:
> > Can tripwire be modified to compare two databases rather than one database
> > and the current files? I ask because I monitor some systems remotely and I
> > would like to be able to automatically generate a tripwire database on the
> > remote system, ftp it to my local site and compare it with a previously
> > created database that I have stored here on read-only media. It is not
> > possible for me to use read-only media on the remote machine.
>
> This is a *great* idea! I had set the BIOS to boot w/o floppy and written
> the DB to a floppy I changed to R/O by hand. This has a limit of 1.44MB
> or 2.88 MB, depending on how much you spend for a floppy drive. I guess a
> zip disk would work too, but I was given a parallel zip which seems to be
> unsupported on FreeBSD. 8{(

Also, you can use ssyslog to send your logs (encrypted) to a "safe
machine". This is useful if you are planning to protect logs from more
than one box.

ssyslog can be found at http://www.core-sdi.com/ssyslog

Regards!

Fernando P. Schapachnik
Network Administration
S&M International SA