[aclug-L] Re: What is tripwire?
On Sat, 20 May 2000, Michael Holmes wrote:
> What is "Tripwire?" I tried to look in the RTFM and I looked
> at the how to's and did a locate, all nothing.
Well, you hit all the local resources; next I would suggest a
quick Yahoo or Google search :) If you don't have a program
installed, manpages won't be there, local HOWTOs won't be there,
HOWTOs on the 'net may not exist, and a 'locate' probably won't
show any real matches.
To answer your question, though, tripwire is a program that
basically holds a database of file "checksums"; this is so that
you can compare known-good versions of your file with current
versions, to ensure that they haven't changed. It's a
double-edged sword: say you put /etc/passwd in its database.
Now, when you add a user, tripwire will notice that the file's
changed. But, it'd also throw a warning if/when a malicious user
adds a new root account. Think of it as a combination
security/change-control mechanism. Keep a couple things in mind
if you're going to use it:
1) You want to keep the database on a read-only medium
2) I'm not up-to-date on the algorithms used by tripwire, but
simple checksums can be fooled.
Do you realize how many holes there could be
if people would just take the time to take the dirt out of them?
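An added example, not part of the original post and not Tripwire's own code: a minimal checksum database that is compared against the current files, run once with a simple additive checksum and once with SHA-256 to show the "simple checksums can be fooled" caveat. The function names, the scratch directory and the sample file contents are assumptions made up for the illustration.

```python
import hashlib
import os
import tempfile

def byte_sum(data: bytes) -> str:
    """Simple additive checksum: sum of all bytes modulo 2**16."""
    return format(sum(data) % 65536, "04x")

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def snapshot(root: str, digest) -> dict:
    """Map each file under root (relative path) to its digest."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                db[os.path.relpath(path, root)] = digest(fh.read())
    return db

def compare(baseline: dict, current: dict) -> dict:
    """Report paths whose digest changed, plus added and removed paths."""
    common = baseline.keys() & current.keys()
    return {
        "changed": sorted(p for p in common if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

# Constructed sample content. AFTER only swaps two letters of BEFORE,
# so the bytes still add up to the same total.
BEFORE = b"root:x:0:0:root:/root:/bin/sh\nab:x:1000:1000::/home/ab:/bin/sh\n"
AFTER = b"root:x:0:0:root:/root:/bin/sh\nba:x:1000:1000::/home/ba:/bin/sh\n"

def demo() -> dict:
    """Baseline a scratch tree, edit one file, compare under both digests."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "passwd")
        for name, digest in (("byte_sum", byte_sum), ("sha256", sha256)):
            with open(target, "wb") as fh:
                fh.write(BEFORE)
            baseline = snapshot(root, digest)  # in real use: kept on read-only media
            with open(target, "wb") as fh:
                fh.write(AFTER)
            results[name] = compare(baseline, snapshot(root, digest))
    return results

if __name__ == "__main__":
    print(demo())
```

The additive checksum reports no change for the edited file, while the SHA-256 database flags it.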