gabriel rosenkoetter on Thu, 30 May 2002 03:06:53 -0400
On Thu, May 30, 2002 at 12:05:30AM -0400, Jason Costomiris wrote:
> tripwire != wasteful.
>
> Is there the slightest chance that this machine will ever have contact
> with the Internet? There's always a chance of compromise.

Tripwire's basically useless if you don't use it right, and most people don't. The statically-linked binaries and databases *must* live on removable--not just unmounted, that's no help--media, and you *must* verify regularly using this removable media. Any clueful attacker will clear an on-disk Tripwire database in such a way that you'll never know, and anyone not clued enough to notice Tripwire's installed will leave traces you won't need Tripwire to notice.

That's a bit of an exaggeration, I suppose: an on-disk Tripwire might tip you off a bit sooner to a failed attack, especially if you're not otherwise monitoring your system properly, but it is in no way a real security measure.

(Fwiw, I don't use Tripwire, but rather mtree(8), which has been in BSD sources since 4.3BSD Reno, so around June of 1990. I do run it automatically on-disk to check the system regularly--rather, all the free BSDs do by default--but I also keep it, along with some other security testing stuff, on a zip disk which I use to check changes on the system periodically.)

-- 
gabriel rosenkoetter
gr@eclipsed.net
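A small mtree/Tripwire-style integrity check built along the lines the message describes, added here as an example; it is not code from the original message, nor from mtree(8) or Tripwire. It records type, mode, owner and a SHA-256 per path, writes that spec to a directory you supply that stands in for the removable media (in the demo a second temporary directory; a real run would pass a mount such as /mnt/zip, an assumed path), and refuses to read or write the database from inside the tree it checks. The sample tree and the tampering applied to it are constructed inside the demo.

```python
"""Tripwire/mtree-style integrity check whose database lives off the checked tree.

Added example, not code from the original message nor from mtree(8)/Tripwire.
The spec file is written wherever `db_path` points (a hypothetical removable
mount such as /mnt/zip); the tree checked in demo() is constructed in a tmpdir.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _record(path: Path) -> dict:
    """Per-path facts worth remembering. mtime is left out on purpose: an
    attacker can put it back with utime(2), so it adds noise, not evidence."""
    st = path.lstat()
    rec = {"type": stat.S_IFMT(st.st_mode), "mode": stat.S_IMODE(st.st_mode),
           "uid": st.st_uid, "gid": st.st_gid}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        rec["size"] = st.st_size
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)
    return rec


def build_spec(root: Path) -> dict:
    """Walk root and record every entry, keyed by path relative to root."""
    spec = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(dirnames + filenames):
            p = Path(dirpath) / name
            spec[str(p.relative_to(root))] = _record(p)
    return spec


def ensure_off_tree(root: Path, db_path: Path) -> None:
    """The point of the message: a database inside the checked tree is worthless."""
    root_r, db_r = root.resolve(), db_path.resolve()
    if db_r == root_r or root_r in db_r.parents:
        raise ValueError("integrity database must not live inside the checked tree")


def save_spec(spec: dict, root: Path, db_path: Path) -> None:
    ensure_off_tree(root, db_path)
    db_path.write_text(json.dumps(spec, sort_keys=True, indent=1))


def compare(baseline: dict, current: dict) -> dict:
    """Added/removed paths, plus changed paths mapped to the fields that differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        b, c = baseline[path], current[path]
        diff = sorted(k for k in set(b) | set(c) if b.get(k) != c.get(k))
        if diff:
            changed[path] = diff
    return {"added": added, "removed": removed, "changed": changed}


def verify_tree(root: Path, db_path: Path) -> dict:
    """Re-walk root and diff it against the spec read back from the media."""
    ensure_off_tree(root, db_path)
    return compare(json.loads(db_path.read_text()), build_spec(root))


def demo() -> dict:
    """Constructed scenario: baseline a tiny tree, tamper with it, verify."""
    with tempfile.TemporaryDirectory() as tree, tempfile.TemporaryDirectory() as media:
        root = Path(tree)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        ls = root / "bin" / "ls"
        ls.write_bytes(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
        ls.chmod(0o755)
        passwd = root / "etc" / "passwd"
        passwd.write_text("root:x:0:0::/root:/bin/sh\n")
        passwd.chmod(0o644)
        (root / "etc" / "motd").write_text("welcome\n")

        db = Path(media) / "host.spec.json"      # `media` stands in for the zip disk
        save_spec(build_spec(root), root, db)

        # Keeping the spec under the tree it protects is refused outright.
        try:
            save_spec({}, root, root / "var" / "db" / "spec.json")
            in_tree_rejected = False
        except ValueError:
            in_tree_rejected = True

        # Tamper: same-size edit of a binary, new setuid file, deleted file, loosened mode.
        data = ls.read_bytes()
        ls.write_bytes(data[:-1] + b"#")
        sh = root / "bin" / "sh"
        sh.write_bytes(b"\x7fELF-ish junk\n")
        sh.chmod(0o4755)
        (root / "etc" / "motd").unlink()
        passwd.chmod(0o666)

        report = verify_tree(root, db)
        report["db_in_tree_rejected"] = in_tree_rejected
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Note what the same-size edit of `bin/ls` shows: size and mode survive, only the digest moves, which is why a spec without a cryptographic hash is not enough. With mtree(8) itself the equivalent on FreeBSD is roughly `mtree -c -K sha256digest -p / > /mnt/zip/root.spec` to create the spec and `mtree -p / -f /mnt/zip/root.spec` to verify (the digest keyword name differs between the BSDs' mtree implementations), run from a statically linked mtree kept on the same removable media.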