Date: Sat, 12 Dec 1998 09:18:49 -0500
From: Charles Reese <reese@chem.duke.edu>
To: freebsd-security@FreeBSD.ORG
Subject: Re: tripwire was Re: append-only devices for logging
Message-ID: <1.5.4.32.19981212141849.00754fb8@chem.duke.edu>
At 02:45 PM 12/12/98 +0100, you wrote:
>On Fri, Dec 11, 1998 at 07:58:22AM -0500, Charles Reese wrote:
>> let me know when I've been compromised. As the tripwire approach (MD5 etc.)
>> seems to be pretty solid it seems to boil down to how do you prevent
>> tampering with it and at the same time keep the machine maintainable without
>> having to go to single user mode?
>
>Answer: You put it in the kernel (including code to transfer it to
>another machine, with some algorithm to make the transfer
>non-modifiable - e.g, shared secret and hash), make _only_ the kernel
>immutable using the schg flag, and go to single user mode when you
>need to upgrade the kernel.
>
>Eivind.

Sounds like a great idea to me, the programming is over my head though. Do we
have a volunteer? :-)

Cheers

Charlie Reese

One Unix to Rule them all, One Resolver to Find them,
One IP to Name them all, In the Zone that Binds them.
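The "shared secret and hash" transfer suggested in the quoted reply, as an added example that is not part of the original message and not kernel code: a user-space Python sketch in which the monitored host seals a digest manifest with a keyed hash and the receiving machine authenticates it before comparing against its baseline. SHA-256 and HMAC stand in for the MD5 mentioned in the thread; all names, paths, file contents and the secret are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data: path -> contents (stands in for reading files from disk).
BASELINE_FILES = {"/bin/login": b"login-v1", "/etc/passwd": b"root:*:0:0"}
# Assumption: the secret is provisioned out of band on both machines.
SHARED_SECRET = b"constructed-demo-secret"

def build_manifest(files):
    """Monitored host: map each path to the SHA-256 digest of its contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def seal(manifest, secret):
    """Monitored host: serialize canonically and compute an HMAC-SHA256 tag."""
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return body, tag

def open_sealed(body, tag, secret):
    """Receiving host: refuse the report unless the tag verifies, then parse it."""
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest failed authentication")
    return json.loads(body)

def changed_paths(baseline, current):
    """Receiving host: paths added, removed, or whose digest differs."""
    return sorted(p for p in baseline.keys() | current.keys()
                  if baseline.get(p) != current.get(p))

def check_report(baseline, body, tag, secret):
    """Authenticate first, then diff against the trusted baseline."""
    return changed_paths(baseline, open_sealed(body, tag, secret))

if __name__ == "__main__":
    baseline = build_manifest(BASELINE_FILES)
    modified = dict(BASELINE_FILES, **{"/bin/login": b"login-modified"})
    body, tag = seal(build_manifest(modified), SHARED_SECRET)
    print("changed:", check_report(baseline, body, tag, SHARED_SECRET))
```

The baseline is held on the receiving machine, so a change on the monitored host shows up as a digest mismatch, and a report altered in transit without the secret fails the tag check.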