On Friday, 2000-12-22 at 00:11:38 +1100, Peter Eckersley wrote: > I understand the requirement for read-only media. Tripwire should give > me a "clean" snapshot of a system. But when I administer a machine, I > regularly make changes to the "clean" image. If I want tripwire to > track this, I must do the following every time I want to update the > system:
> 1. Reboot with a clean kernel > 2. Run tripwire with my read-only record > 3. Install my Debian packages > 4. Update my read-only record Have a look at (Free)Veracity. While the license may hurt an Open Source or Free Software activist's feelings, the tool seems todo what (probably not only) I have been missing in Tripwire - remote checks. The database can reside on a different machine. Given that Veracity offers a number of checksumming algorithms, it would be quite hard to fool it. I can still imagine a scenario how to defeat this, but it's definitely better than running tripwire with a mutable database, or having a trained monkey write-enable the floppy when needed. (Ay my clients, monkeys are in short supply.) Commercial/non-free Veracity is at http://www.veracity.com/ and Free Veracity is at http://www.freeveracity.org/ Lupe Christoph -- | [EMAIL PROTECTED] | http://free.prohosting.com/~lupe | | The equal opportunity democracy - every vote has an equal chance | | of being counted. Though a bad one if you live in Florida. | | Those people told us how to run a democracy ?!? |