[NCLUG] tripwire
David W. Graham
dgraham at riverrock.org
Fri Nov 16 15:00:32 MST 2001
Michael Dwyer <mdwyer at sixthdimension.com> writes:
>
> It is possible that
> the same person who mucks with your binaries also mucks with Tripwire --
> for true security, it is suggested that you keep your tripwire
> signatures on a floppy in a safe or something...
For a headless server you can burn it to CD and leave the CD in the CD
drive.
Eric Dahlman writes:
>I might point out that if you don't know how to manage it it will be a
>royal pain in the future. The problem is that it will report any
>changes you make to your system so if you say update your system to
>ximian gnome then all 10 jillian files which were modified will show
>up in the next report. Until you figure out how to tell tripwire that
>the changes were all kosher it will send you a new 400k (maybe not
>that big) email every night. If you think that little message is
>annoying wait until you get the huge ones.
>I like to muck with my system and after a few battles with the effects
>of an xemacs recompile I just took it out of the crontab. It is
>really meant for use in a stable configuration.
Bassically stable configurations, such as servers, can benifit from
tripwire. We have decided to try it in our e-commerice server with the CD
option. We will use it to monitor the OS and not the website (which will
roll fairly often). Things are not set up yet, but I am looking forward to
giving it a go.
I suppose someone could always put in a trojen tripwire.:(
Dave Graham
More information about the NCLUG
mailing list