AIDE/Tripwire
Tommy McNeely
tommy.mcneely at sun.com
Wed Aug 13 16:43:33 UTC 2003
Mr. Adam ALLEN wrote:
>On Wed, 2003-08-13 at 13:13, Leonard den Ottolander wrote:
>
>>Hi Tommy,
>>
>>>Maybe just set up a magic policy directory (à la /etc/tripwire.d) that
>>>each RPM can drop its "specs" into and have the policy generated
>>>automatically or something..
>
>I think it's dangerous to automatically rebuild the database, but
>something like:
>
> - get the rpm to dump into /etc/tripwire.d
> - alert the user that they should run something like (or aide)
> tripwire --rebuild --parse-specs
> - it would probably be a safe idea to have RH sign the spec file, with
>the same key used to sign the RPM, and then only process files out of
>/etc/tripwire.d whose digital signatures can be verified. Users
>might trust the /etc/tripwire.d contents too much, which is why I think
>this step might be necessary.
>
Agreed.. you don't want anyone just dropping stuff in there
>
>Need to be really careful that my rpm doesn't drop in a new /etc/passwd.
>Since the specfile would list /etc/passwd as a file, would this instruct
>tripwire to recalculate the checksums on /etc/passwd? (Which may have
>had all the accounts deleted.)
>
>Just some quick, not-really-thought-through pitfalls that might exist.
>
Such are the pitfalls of trying to make this "easy" .. tripwire may not
be a feasible solution, but I was trying to suggest something that
reminded me of "logrotate.d"
--
Tommy McNeely -- Tommy.McNeely at Sun.COM
Sun Microsystems -- IT CTO
Phone/Fax: x51837 / 303-395-3361
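The drop-directory scheme sketched in this exchange (package fragments in /etc/tripwire.d, accept only vendor-signed fragments, never rebuild the database automatically, and don't let a package's own file list take over the rules for /etc/passwd) is illustrated below. This is an added example written for this page, not Tripwire, AIDE or Red Hat code. It assumes a hypothetical layout in which each fragment `NAME.policy` sits beside a detached signature `NAME.policy.sig`; the real design would verify the vendor's OpenPGP signature (the RPM signing key), which is replaced here by an HMAC-SHA256 under a shared key, a stand-in chosen only so the script runs offline with the standard library. The fragment syntax (`path rule` per line) and the sample fragments are constructed for the demo.

```python
"""
Assemble a Tripwire/AIDE-style policy from signed drop-in fragments.

Added illustration of the /etc/tripwire.d idea from the thread; not Tripwire,
AIDE or Red Hat code. Assumptions: fragments are `NAME.policy` files with a
detached `NAME.policy.sig`; the vendor OpenPGP signature is replaced by an
HMAC-SHA256 stand-in so the example runs offline with the standard library.
"""
import hashlib
import hmac
import os
import tempfile

# Stand-in for the vendor signing key (constructed for this example only).
VENDOR_KEY = b"example-vendor-key"

# Paths the base policy already governs. A package fragment may not redefine
# them, so a package that ships its own /etc/passwd cannot make the generated
# policy treat the replaced file as the new baseline.
BASE_POLICY = {
    "/etc/passwd": "p+i+n+u+g+s+m+c+sha256",
    "/etc/shadow": "p+i+n+u+g+s+m+c+sha256",
}


def sign_fragment(data: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Produce the detached 'signature' (HMAC stand-in) for a fragment body."""
    return hmac.new(key, data, hashlib.sha256).hexdigest().encode()


def verify_fragment(data: bytes, sig: bytes, key: bytes = VENDOR_KEY) -> bool:
    """Constant-time check of a fragment against its detached signature."""
    return hmac.compare_digest(sign_fragment(data, key), sig.strip())


def parse_rules(text: str) -> dict:
    """Parse 'path rule' lines; '#' comments and blank lines are ignored."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, _, rule = line.partition(" ")
        rules[path] = rule.strip()
    return rules


def assemble_policy(drop_dir: str, base=BASE_POLICY, key=VENDOR_KEY):
    """
    Return (policy, accepted, rejected). Only fragments whose signature verifies
    are merged, and a fragment that tries to redefine a base-policy path is
    rejected whole. The integrity database is deliberately NOT rebuilt here:
    that remains a manual step the administrator runs after reviewing a report.
    """
    policy = dict(base)
    accepted, rejected = [], {}
    for name in sorted(os.listdir(drop_dir)):
        if not name.endswith(".policy"):
            continue
        frag = os.path.join(drop_dir, name)
        sig = frag + ".sig"
        if not os.path.exists(sig):
            rejected[name] = "no signature"
            continue
        with open(frag, "rb") as f, open(sig, "rb") as s:
            data, signature = f.read(), s.read()
        if not verify_fragment(data, signature, key):
            rejected[name] = "bad signature"
            continue
        rules = parse_rules(data.decode())
        clash = sorted(set(rules) & set(base))
        if clash:
            rejected[name] = "redefines base-policy path(s): " + ", ".join(clash)
            continue
        policy.update(rules)
        accepted.append(name)
    return policy, accepted, rejected


def demo():
    """Build a constructed drop directory (one good fragment, one unsigned,
    one signed fragment that lists /etc/passwd) and assemble the policy."""
    drop = tempfile.mkdtemp(prefix="tripwire.d-")
    fragments = {
        "httpd.policy": "/usr/sbin/httpd p+i+n+u+g+s+m+c+sha256\n/etc/httpd R\n",
        "rogue.policy": "/usr/bin/rogue R\n",   # dropped in without a signature
        "accounts.policy": "/etc/passwd p\n",   # signed, but covers a base path
    }
    for name, body in fragments.items():
        with open(os.path.join(drop, name), "w") as f:
            f.write(body)
        if name != "rogue.policy":
            with open(os.path.join(drop, name + ".sig"), "wb") as f:
                f.write(sign_fragment(body.encode()))
    return assemble_policy(drop)


if __name__ == "__main__":
    policy, accepted, rejected = demo()
    for path, rule in sorted(policy.items()):
        print(path, rule)
    print("accepted:", accepted)
    print("rejected:", rejected)
    print("Policy assembled; update the database by hand after reviewing the report.")
```

Two design points carry over to a real implementation: the signature check gates everything (an unsigned or tampered fragment never reaches the parser), and the clash check is applied to the whole fragment rather than to individual lines, so a package cannot smuggle one rule past the filter by mixing it with legitimate ones.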