Re: what to use instead of tripwire?t

[Alan Cox <alan redhat com>]

> For that matter, it can be easily bypassed by a modified RPM database or 
> binary.
> It's a useful check against corruption, but probably not skilled & 
> determined deliberate modification.

Just like tripwire.

Short of physically powercycling, verifying the BIOS and device ROM
checksums match, inspecting the hardware for modifications and trusting
the device vendors you don't get far.

The signed tripwire database for example is worthless unless you boot
off a trusted kernel to process it using only trusted binaries.