Son To on Thu, 30 Sep 1999 16:41:38 -0400 (EDT)



Re: [Plug] RPM vs tripwire


On Thu, 30 Sep 1999, Darxus wrote:
> On Thu, 30 Sep 1999, Son To wrote:
> 
> > RPM does package verification. It compares the  size, MD5 sum,
> > permissions, type, owner and group of files.  Why would I use tripwire
> > instead of using RPM? What advantage does tripwire have over RPM?
> 
> Customized stuff in /etc ?

Shouldn't customized stuff be in /usr/local?

> 
> Also, if you're going to use RPM for this, store a copy of the rpm
> program, and everything it depends on (libraries, data files) offline, so
> that they can not be hacked -- just like you would w/ tripwire, siggen,
> and the tw.db.  A hacker can't cover his tracks if they're on a floppy on
> your shelf.
> 
> I've been considering doing something similar w/ debian, as daily apt-get
> dist-upgrades would mean regenerating the tripwire database every day, and
> to do so securely, I'd have to go down to single user mode.  There's a
> program, I think called debsum, that at least verifies the MD5 sums of
> stuff from packages.  
> 
> Using rpm/debsum on your binaries & tripwire on your config files might
> work very well.  Just be sure you store everything you use offline (which
> could get obnoxious if you upgrade frequently).
>  
> __________________________________________________________________
> PGP fingerprint = 03 5B 9B A0 16 33 91 2F  A5 77 BC EE 43 71 98 D4
>             darxus@op.net / http://www.op.net/~darxus
>           Join the Great Internet Mersenne Prime Search
>                 http://www.mersenne.org/prime.htm
> 
> 
> 
> _______________________________________________
> Plug maillist  -  Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug
> 


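
Added example, not part of the original messages: a Python triage of `rpm -Va` output that separates changed config files (which the thread suggests leaving to tripwire) from changed packaged files such as binaries. The sample lines are constructed, the `alert`/`config`/`info` buckets are this example's own convention, and the layout assumed is the 9-column flag string printed by rpm 4.x (older releases print 8 columns, which the pattern also accepts).

```python
import re

# Flag letters rpm -V prints, left to right; "." = test passed, "?" = test not performed.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
# Result column, optional file attribute (c = %config, d = %doc, ...), then the path.
LINE = re.compile(
    r"^(?P<res>missing|[SM5DLUGTP.?]{8,9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")

def parse_line(line):
    """Parse one line of `rpm -V` output; return None for anything else."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    res = m["res"]
    failed = ["missing"] if res == "missing" else [FLAGS[c] for c in res if c in FLAGS]
    return {"path": m["path"], "config": m["attr"] == "c", "failed": failed}

def triage(lines):
    """Bucket results: config changes, mtime-only noise, and everything else."""
    report = {"alert": [], "config": [], "info": []}
    for rec in filter(None, map(parse_line, lines)):
        if rec["config"]:
            # Locally edited config: rpm only knows the packaged version,
            # so track these with a separate baseline (tripwire in the thread).
            report["config"].append(rec["path"])
        elif set(rec["failed"]) <= {"mtime"}:
            report["info"].append(rec["path"])
        else:
            report["alert"].append((rec["path"], rec["failed"]))
    return report

# Constructed sample output, not taken from a real system.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/man/man1/ls.1.gz
S.5....T.    /bin/login
.M...UG..    /usr/bin/passwd
missing      /usr/bin/last
""".splitlines()

if __name__ == "__main__":
    # The result is only as trustworthy as the rpm binary and database that
    # produced the input, hence the thread's advice to keep copies offline.
    for bucket, items in triage(SAMPLE).items():
        print(bucket, items)
```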