| JP Vossen on 10 Jul 2007 16:03:20 -0000 |
|
Date: Tue, 10 Jul 2007 06:24:15 -0400 From: Antony P Joseph <antony@panathara.org> Subject: Re: [PLUG] rpm -Va using apt = debsums To: Philadelphia Linux User's Group Discussion List > tripwire > http://sourceforge.net/projects/tripwire/ I knew I would forget to mention something... The problem with Tripwire, integrit, AIDE, Osiris, Samhain, [1] etc. is that you must do a baseline *before* you can verify. The advantage of using the packaging system is that that already contains a "baseline." The disadvantage is that it wasn't really meant to do integrity checking and is not cryptographically secure, etc. But it's better than nothing, it can be used with no prior preparation (as when you get that phone call from a friend, "Hey, something odd happened..."), and it may be useful if used as an additional *layer* of security. Thanks, JP [1] All of these are in the Debian Etch repo: http://www.tripwiresecurity.com/ http://integrit.sourceforge.net/ http://www.cs.tut.fi/~rammer/aide.html http://osiris.shmoo.com/ http://la-samhna.de/samhain/index.html ----------------------------|:::======|------------------------------- JP Vossen, CISSP |:::======| jp{at}jpsdomain{dot}org My Account, My Opinions |=========| http://www.jpsdomain.org/ ----------------------------|=========|------------------------------- Microsoft has single-handedly nullified Moore's Law. Innate design flaws of Windows make a personal firewall, anti-virus and anti-malware software mandatory. The resulting software arms race has effectively flattened Moore's Law on hardware running Windows. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|