what to use instead of tripwire?t
Owen Taylor
otaylor at redhat.com
Mon Oct 13 15:25:40 UTC 2003
On Mon, 2003-10-13 at 07:54, Göran Uddeborg wrote:
> Owen Taylor writes:
> > Any method that doesn't involve booting from a read-only medium
> > and checking against data on that read-only medium is basically
> > only proof against casual/incompetent intruders.
>
> Why would the medium have to be read-only? Wouldn't it be enough that
> one boots from this trusted medium and only uses binaries from it? (I
> assume of course the medium is not present when not booted from.)
Yeah, as long as the media is never in the drive when the system is
running normally, it doesn't really need to be read-only.
(Read-only may be harder to ensure these days then it was in the days
of floppies and CD-ROM drives.)
Regards,
Owen
More information about the fedora-test-list
mailing list