[aclug-L] Re: What is tripwire?
On Sat, 20 May 2000, Michael Holmes wrote:
> What is "Tripwire?" I tried to look in the RTFM and I looked
> at the how to's and did a locate, all nothing.
Well, you hit all the local resources; next I would suggest a
quick Yahoo or Google search :) If you don't have a program
installed, manpages won't be there, local HOWTOs won't be there,
HOWTOs on the 'net may not exist, and a 'locate' probably won't
show any real matches.
To answer your question, though, tripwire is a program that
basically holds a database of file "checksums"; this is so that
you can compare known-good versions of your file with current
versions, to ensure that they haven't changed. It's a
double-edged sword: say you put /etc/passwd in its database.
Now, when you add a user, tripwire will notice that the file's
changed. But, it'd also throw a warning if/when a malicious user
adds a new root account. Think of it as a combination
security/change-control mechanism. Keep a couple things in mind
if you're going to use it:
1) You want to keep the database on a read-only medium
2) I'm not up-to-date on the algorithms used by tripwire, but
simple checksums can be fooled.
-jeff
--
Do you realize how many holes there could be
if people would just take the time to take the dirt out of them?
-- This is the discussion@xxxxxxxxx list. To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
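
An added example (not part of the original message, and not Tripwire's own code or algorithms): a Python illustration of the baseline-and-compare idea described in the reply, which also shows a naive additive checksum missing a change that SHA-256 catches. The function names, the constructed file contents and the choice of SHA-256 are assumptions.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Cryptographic digest of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def byte_sum_file(path):
    """Naive 16-bit additive checksum, included only to show its weakness."""
    with open(path, "rb") as f:
        return sum(f.read()) & 0xFFFF

def build_baseline(root, digest=sha256_file):
    """Map each file path (relative to root) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = digest(full)
    return baseline

def compare(baseline, root, digest=sha256_file):
    """Return sorted lists of (changed, added, removed) paths."""
    current = build_baseline(root, digest)
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return changed, added, removed

def demo():
    """Constructed sample: rewrite a file with two digits transposed."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "passwd")
        with open(path, "w") as f:
            f.write("alice:x:1001:1001::/home/alice:/bin/sh\n")
        strong = build_baseline(root, sha256_file)
        weak = build_baseline(root, byte_sum_file)
        with open(path, "w") as f:  # same bytes as before, different order
            f.write("alice:x:1010:1001::/home/alice:/bin/sh\n")
        return compare(strong, root, sha256_file), compare(weak, root, byte_sum_file)

if __name__ == "__main__":
    print(demo())
```

The baseline here lives in memory; in practice it is only as trustworthy as where it is stored, which is the reason for point 1 in the reply.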