From owner-freebsd-security  Fri Dec 11 22:47:03 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA23709
          for freebsd-security-outgoing; Fri, 11 Dec 1998 22:47:03 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from roble.com (roble.com [207.5.40.50])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA23694
          for <security@FreeBSD.ORG>; Fri, 11 Dec 1998 22:47:01 -0800 (PST)
          (envelope-from sendmail@roble.com)
Received: from localhost (localhost [127.0.0.1]) by roble.com (Roble) with SMTP id WAA15937 for <security@FreeBSD.ORG>; Fri, 11 Dec 1998 22:46:51 -0800 (PST)
Date: Fri, 11 Dec 1998 22:46:51 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: security@FreeBSD.ORG
Subject: Re: tripwire was Re: append-only devices for logging
In-Reply-To: <199812120549.VAA18425@hub.freebsd.org>
Message-ID: <Pine.SUN.3.96.981211224050.15866A-100000@roble.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

James Wyatt <jwyatt@rwsystr.RWSystems.net> wrote:
> This is a *great* idea! I had set the BIOS to boot w/o floppy and written 
> the DB to a floppy I changed to R/O by hand. This has a limit of 1.44MB 

Except when the floppy has bad sectors, and a large percent of floppys
do, and sends the drive into an I/O loop that can't be fixed w/o a
reboot.

> how do you protect tripwire from modification? 

We keep the entire tripwire directory encrypted when not in use.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message