[NTLUG:Discuss] rpm instead of tripwire?
Christopher Browne
cbbrowne at hex.net
Thu Dec 9 19:18:29 CST 1999
Matt Midboe wrote:
> Richard Cobbe wrote:
> > Are there any security problems with this that I'm overlooking? The rpm
> > executable, as installed, is already statically linked, so a modified or
> > Trojaned library wouldn't compromise this. The only problem I can see is
>
> Well rpm doesn't keep track of files like /etc/hosts.equiv, /.rhosts,
> /etc/passwd, /etc/hosts etc. Tripwire can watch those files. Also tripwire
> understands log files and has rules that allow them to grow and not generate
> false positives when they change. However you are right about rpm keeping has
hes
> on installed files as far as I know. You could take the file monitoring to th
e
> next level by having tripwire watch everything, and then having rpm monitor t
he
> tripwire application.
I think I'd use cfengine for this instead; it also has the merit of being
useful for controlling individual facilities, effectively providing a way for
the system to, at least to some degree, "heal itself."
--
"A touchstone to determine the actual worth of an ``intellectual'' --
find out how he feels about astrology." - Lazarus Long
cbbrowne at hex.net - <http://www.hex.net/~cbbrowne/lsf.html>
More information about the Discuss
mailing list