[svlug] a problem with Tripwire...- another silly altnernative
alvin at planet.fef.com
Tue Oct 10 20:21:02 PDT 2000
hi ya tripwire-ers...
for the fun of it... why not use other options besides
or in addition to tripwire ???
- and yeah...i like tripwire-1.x....but...
i wrote something simple and fast ( 1 hr or so of playing )...
to do something similar... was done in fun... which turned
into something semi-useful
run check sums on the files i care about
and send me an email about binaries/config files i care abot
ie... call this script from cron ( hourly )...
initialize_chk-sum=`tar cvf - /etc/passwd /bin/login | sum `
echo $initialize_chk > /root/secure_sum.txt ( local tests )
echo $initialize_chk > /mnt/floppy ( save offline )
test = ` tar cvf - /etc/passwd /bin/login | sum `
if $test != `cat /root/secure_sum.txt `
raise the red flag and start looking
show whats different ???
shutdown thyself ???
have fun tripping...
- for a quickie...it works....sorta...within its limits/limitation...
> > Yes, Rick, I've seen the Why Not Tripwire page ....
> > I will be looking into AIDE, and I recently heard about something
> > called LIDS. Any other contenders?
> LIDS is not quite the same thing. It's a set of kernel modifications
> and related tools to implement a "Mandatory Access Control" system:
> That is, it's one of the attempts to graft the "capabilities" model onto
> Linux, whereby files/devices are accessible only to specific users'
> processes, important processes are hidden and therefore less subject to
> being killed off or tampered with, and alarms and (limited)
> countermeasures can occur in the event of compromise. This entails
> limitations on what even the root user will be allowed to do during
> normal operation.
> Unixes can't really fully support the capabilities model, because it
> doesn't have a fine-grained enough permissions system. For comparison's
> sake, here's a system being written from the ground up specifically to
> be able to support such a model: http://www.eros-os.org/
> You may also be interested in reading:
> Cheers, "Teach a man to make fire, and he will be warm
> Rick Moen for a day. Set a man on fire, and he will be warm
> rick at linuxmafia.com for the rest of his life." -- John A. Hrastar
More information about the svlug