Will Dyson on Mon, 27 May 2002 03:55:46 -0400


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Unneeded programs running on startup


Bradley Molnar wrote:

tripwire is a firewalling type software.  I don't know too much more about
it than that.  It might only be intrusion detection.

Yep, only intrusion detection.

Specificly, tripwire builds a database of the checksums of all your files (actually, probably only stuff under /usr or whatever). It then periodicly checks the actuall files against this database. It informs you if any files have changed since the database was built.

This is usefull for reassuring yourself that nobody has broken into your machine and say, replaced your login binary with an evil version that collects passwords and mails them out to badguys. Of course, that assumes that the checksum database is stored on a medium that the cracker couldn't have changed to match the new binary (pehaps a cd-r or a removable drive with a physical write-protect tab).

Overkill for a home system, especially if you aren't running any network servers that could be subverted by crackers.

--
Will Dyson
"Back off man, I'm a scientist!" -Dr. Peter Venkman


______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug