Date: Mon, 8 Dec 2003 10:50:02 +0000 (GMT)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: Roger Marquis <marquis@roble.com>
Cc: freebsd-security@freebsd.org
Subject: Re: possible compromise or just misreading logs
Message-ID: <Pine.GSO.4.58.0312081045300.15156@mail.ilrt.bris.ac.uk>
In-Reply-To: <20031207204521.195E9DAC92@mx7.roble.com>
References: <20031207200130.C4B1216A4E0@hub.freebsd.org> <20031207204521.195E9DAC92@mx7.roble.com>

On Sun, 7 Dec 2003, Roger Marquis wrote:

> No production environment should be without Tripwire (1.3 is my
> favorite version). With the right wrapper script
> <http://www.roble.com/docs/twcheck> and off-line backups it's
> impossible to compromise a system without being detected.

Unless there's another step you're not mentioning (eg, rebooting to an
OS installed on a physically write-protected device, or remounting your
drive on another machine with a trusted OS) "impossible" is probably too
strong a term here. There's an implicit trust in using a system to
integrity-check itself.

--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
We thought time travel was impossible. But that was now and this is then.