From owner-freebsd-security Sat Dec 12 05:09:54 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id FAA22195
        for freebsd-security-outgoing; Sat, 12 Dec 1998 05:09:54 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fep04-svc.tin.it (mta04-acc.tin.it [212.216.176.35])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA22187
        for ; Sat, 12 Dec 1998 05:09:52 -0800 (PST)
        (envelope-from molter@tin.it)
Received: from nympha.ecomotor.it ([212.216.1.243])
        by fep04-svc.tin.it (InterMail v4.0 201-221-105) with SMTP
        id <19981212130945.BLDM22548.fep04-svc@nympha.ecomotor.it>
        for ; Sat, 12 Dec 1998 14:09:45 +0100
Received: (qmail 568 invoked by uid 1000); 12 Dec 1998 13:03:03 -0000
From: "Marco Molteni"
Date: Sat, 12 Dec 1998 14:03:03 +0100 (CET)
X-Sender: molter@nympha
Reply-To: Marco Molteni
To: Thomas Valentino Crimi
cc: freebsd-security@FreeBSD.ORG
Subject: Re: tripwire was Re: append-only devices for logging
In-Reply-To: <8qQVls_00YUq0lKqg0@andrew.cmu.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 12 Dec 1998, Thomas Valentino Crimi wrote:

[..]
> This latest discussion has had me toying with the idea of an NFS
> R/O mount for tripwire use
[..]
> in general I think that having to trust the kernel is a necessity.
[..]
> Where I begin to doubt is what to do for the network connection. I'm
> uncertain how feasible an attack on the network is, but UDP mode seems
> especially vulnerable to a hacked machine injecting data, I'm not sure
> how NFS would react to this at all.
>
> It would appear to be a good medium security measure, a network attack
> seems infeasible or at least easily detectable were it to exist,
> forwarding a TCP NFS over ssh is tempting, but then you have to trust
> ssh (etc). Any comments on this?

Your suggested scenario is: tripwire over ro nfs mount + trusted kernel,
right? And you are worried about the network.

So, what about using IPsec? IPsec is part of the kernel, and you don't
need ssh.

Marco
---
"Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
"I'm sorry, this is device driver testing: brain implants are two doors down
on the right". (Bill Paul, on the freebsd-net mailing list)