what to use instead of tripwire?
Göran Uddeborg
goeran at uddeborg.se
Mon Oct 13 15:09:51 UTC 2003
Paul Morgan writes:
> A sophisticated cracker who really wanted your system could conceivably
> root your box and install a rogue version of rpm to falsely report the
> rpm -V status of trojaned files as being ok.
Yes, I understood that. So I understand I would have to make a
removable medium with a kernel and the necessary programs and
databases which I could use to verify the integrity of my system.
> 1. unplug from the network
> 2. boot and test integrity using read-only media
> 3. make config changes
> 4. update integrity db and copy to cd-r
> 5. re-plug to network
That's what I thought. What I don't understand is what could break if
it was a CD-RW. I trust the kernel, rpm/tripwire program,
rpm/tripwire database, etc. which I have on the CD. And I obviously
must not run anything from the rest of the system during this
operation. So how could this be fooled if the media is read-write?
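
The offline check discussed in this thread (boot from trusted media, then compare the installed system against a database kept on that media), sketched as an added example that is not part of the original message and is not rpm or Tripwire code. The JSON database format, the function names and the `init`/`check` commands are assumptions; `root` is where the system's filesystem is mounted from the rescue environment, and the database file is kept outside it.

```python
import hashlib
import json
import os
import stat
import sys

def snapshot(root):
    """Map each regular file under root to [sha256, mode, uid, gid]."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are not hashed
            digest = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            db[rel] = [digest.hexdigest(), st.st_mode, st.st_uid, st.st_gid]
    return db

def save_baseline(root, db_path):
    """Step 4 of the procedure: record the known-good state."""
    with open(db_path, "w") as f:
        json.dump(snapshot(root), f, indent=1, sort_keys=True)

def verify(root, db_path):
    """Step 2 of the procedure: compare the mounted system to the baseline."""
    with open(db_path) as f:
        baseline = json.load(f)
    current = snapshot(root)
    return {
        "changed": sorted(p for p in baseline
                          if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

if __name__ == "__main__":
    # Hypothetical usage: verify.py init|check <mounted-root> <db-file>
    cmd, root, db_path = sys.argv[1:4]
    if cmd == "init":
        save_baseline(root, db_path)
    else:
        report = verify(root, db_path)
        print(json.dumps(report, indent=1))
        sys.exit(1 if any(report.values()) else 0)
```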
More information about the fedora-test-list mailing list