Date: Wed, 10 Aug 2005 11:08:44 +1000 From: Joel Hatton <freebsd-questions@auscert.org.au> To: freebsd-questions@freebsd.org Cc: Bret Walker <bret-walker@northwestern.edu> Subject: Re: Tripwire Policy File and 5.4 Message-ID: <200508100108.j7A18iMK092309@app.auscert.org.au> In-Reply-To: Your message of "Tue, 09 Aug 2005 14:49:50 EST." <42F908DE.8030101@northwestern.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> > The policy file looks to be updated for 5.x systems now. Tripwire's back. I'm not so convinced of that - after a cvsup of ports overnight, this remains: # ll /usr/ports/security/tripwire/files/twpol.txt -rw-r--r-- 1 root wheel 20651 Mar 5 2002 /usr/ports/security/tripwire/files/twpol.txt Last time I tried, Tripwire was still unable to perform an interactive update, which is no great inconvenience but doesn't really inspire confidence. The only improvement I've noticed since the first 5.x is that it at least compiles now - given the lack of effective replacements for Tripwire this is the least we could expect. Not being able to package this port has been a real trial, however, and I don't believe that it wouldn't be possible with a bit of consideration - no, I'm not volunteering right now as more important things are pressing me. I have adapted my own policy/config file and periodic script to run with output in the daily security email - I'm happy to post these if anyone is interested. cheers, joel -- Joel Hatton -- Security Analyst | Hotline: +61 7 3365 4417 AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 The University of Queensland | WWW: www.auscert.org.au Qld 4072 Australia | Email: auscert@auscert.org.au
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508100108.j7A18iMK092309>