[NCLUG] tripwire

Michael Dwyer mdwyer at sixthdimension.com
Wed Nov 14 15:58:37 MST 2001


Daniel Herrington wrote:
> I get errors emailed to root that say something about a cron job for
> tripwire failing because I haven't initialized tripwire.  Why would I
> want to initialize it? (besides getting rid of that email. ;-)  Is it
> really that beneficial?

Tripwire watches for system files to change.  It is mostly a security
tool.  It is able to alert you if someone, say, installs trojaned SSH or
login binaries.  That said, it is beneficial.  On the other hand...

 o If you use RPM, then RPM's Verify option does much the same thing.
 o It is only as good as its initialized database.  It is possible that
   the same person who mucks with your binaries also mucks with Tripwire --
   for true security, it is suggested that you keep your Tripwire
   signatures on a floppy in a safe or something...

It wouldn't hurt to initialize it, certainly.  And if you are dedicated
to maintaining it, it is certainly good insurance against both security
issues and Oopses on the part of the root user.
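
Added example, not part of the original post and not Tripwire's own code or database format: a minimal baseline-and-verify check showing why the baseline itself has to be protected. It assumes the baseline is sealed with an HMAC whose key is kept off the host; the key, file name and contents are constructed for the demo.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def hash_file(path):
    """SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def seal(blob, key):
    """HMAC tag over the serialized baseline."""
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def init_baseline(paths, key):
    """Record one digest per file and seal the record."""
    blob = json.dumps({str(p): hash_file(p) for p in paths}, sort_keys=True).encode()
    return blob, seal(blob, key)

def check(blob, tag, key):
    """Verify the seal first, then compare each file with its baseline."""
    if not hmac.compare_digest(seal(blob, key), tag):
        return "DATABASE TAMPERED", []
    changed = []
    for path, digest in sorted(json.loads(blob).items()):
        if not Path(path).exists():
            changed.append((path, "missing"))
        elif hash_file(path) != digest:
            changed.append((path, "modified"))
    return ("CHANGED" if changed else "OK"), changed

def demo():
    key = b"constructed-demo-key"  # assumption: the real key lives off the host
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "login"  # constructed stand-in for a system binary
        target.write_bytes(b"original contents")
        blob, tag = init_baseline([target], key)
        results = [check(blob, tag, key)[0]]
        target.write_bytes(b"replaced contents")
        results.append(check(blob, tag, key)[0])
        # Baseline rewritten to match the new file; resealing it needs the key.
        forged = json.dumps({str(target): hash_file(target)}, sort_keys=True).encode()
        results.append(check(forged, tag, key)[0])
    return results

if __name__ == "__main__":
    print(demo())
```

Without the seal check, the rewritten baseline in the last step would report the replaced file as unchanged.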


