On Wed, May 24, 2000 at 10:29:19AM -0500, Ted Cabeen wrote: > In message <[EMAIL PROTECTED]>, Thomas Guettler writes: > >Michael Meskes wrote: > >> > With ztripwire the database and the binaries fit onto a 1.44MB floppy, > >> > which > >> > >> But only if your database is rather small. I ran out of space sometimes. > > > >yes, i exclude /home and /dev and directories containing docu. > >BTW, why protect /dev at all? > > Many rootkits like to drop setuid root shells in there among the device > files. I have to exclude the entirety of /usr/share to get under 1.44MB.
You could always format the floppy to a larger capacity, say, 1.72MB or
larger. I have done this in the past to hold my database.
> Anyone have a good example config for floppy tripwire? I use bzip2 for
> compression, which helps somewhat, but I still have to cut out way too much.
> I really should get that remote tripwire system setup.
You should be able to go considerably larger than 1.44MB on a standard HD
floppy, perhaps as high as 1.9MB.
--
--Brad
============================================================================
Bradley M. Alexander | Co-Chairman,
Beowulf System Admin/Security Specialist | NoVALUG/DCLUG Security SIG
Winstar Telecom | [EMAIL PROTECTED]
(703) 889-1049 | [EMAIL PROTECTED]
============================================================================
If the enemy is in range, so are you.
--Murphy's Laws of Combat
pgpPezCCp6M9n.pgp
Description: PGP signature
