Date: Sat, 12 Dec 1998 14:45:57 +0100
From: Eivind Eklund <eivind@yes.no>
To: Charles Reese <reese@chem.duke.edu>, freebsd-security@FreeBSD.ORG
Subject: Re: tripwire was Re: append-only devices for logging
Message-ID: <19981212144557.O5444@follo.net>
In-Reply-To: <1.5.4.32.19981211125822.006d10e8@chem.duke.edu>; from Charles Reese on Fri, Dec 11, 1998 at 07:58:22AM -0500
References: <1.5.4.32.19981211125822.006d10e8@chem.duke.edu>

On Fri, Dec 11, 1998 at 07:58:22AM -0500, Charles Reese wrote:
> let me know when I've been compromised. As the tripwire approach (MD5 etc.)
> seems to be pretty solid it seems to boil down to how do you prevent
> tampering with it and at the same time keep the machine maintainable without
> having to go to single user mode?

Answer: You put it in the kernel (including code to transfer it to another machine, with some algorithm to make the transfer non-modifiable - e.g., shared secret and hash), make _only_ the kernel immutable using the schg flag, and go to single user mode when you need to upgrade the kernel.

Eivind.
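
The "shared secret and hash" transfer suggested in the message above, sketched as an added example that is not part of the original e-mail and is not kernel code: the monitored host tags its digest report with a keyed hash, and the remote machine rejects anything it cannot authenticate before comparing against its baseline. Assumptions: HMAC-SHA256 stands in for "shared secret and hash", SHA-256 replaces MD5, and the sequence number, function names, file names and contents are constructed for illustration.

```python
import hashlib
import hmac
import json


def file_digests(files):
    """Map path -> SHA-256 hex digest; `files` is {path: bytes} (constructed sample data)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in sorted(files.items())}


def seal(digests, seq, secret):
    """Monitored host: serialise the report and tag it with HMAC-SHA256 under the shared secret."""
    body = json.dumps({"seq": seq, "digests": digests}, sort_keys=True).encode()
    return body, hmac.new(secret, body, hashlib.sha256).digest()


def verify(body, tag, secret, last_seq, baseline):
    """Remote machine: authenticate the report first, then diff it against the baseline."""
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return "forged", []
    report = json.loads(body)
    if report["seq"] <= last_seq:                # assumed counter: an old clean report is not news
        return "replayed", []
    current = report["digests"]
    changed = sorted(p for p in set(baseline) | set(current)
                     if baseline.get(p) != current.get(p))
    return ("modified" if changed else "clean"), changed


def demo():
    secret = b"constructed-shared-secret"
    good = {"/bin/login": b"original login", "/etc/passwd": b"root:*:0:0"}
    baseline = file_digests(good)
    trojaned = dict(good, **{"/bin/login": b"replaced login"})
    body, tag = seal(file_digests(trojaned), 1, secret)
    honest = verify(body, tag, secret, 0, baseline)
    # A report rewritten on the wire without the secret fails authentication.
    rewritten, _ = seal(baseline, 1, b"not-the-secret")
    hidden = verify(rewritten, tag, secret, 0, baseline)
    return honest, hidden


if __name__ == "__main__":
    print(demo())
```

The check only holds while the secret and the sealing code stay out of reach of whoever controls the monitored host, which is the reason the message places both in a kernel made immutable with schg.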