On Sun, 2003-01-05 at 08:57, Lorne wrote:
> On Sunday 05 January 2003 12:32 am, Jack Coates wrote:
> > I just so happen to be a certified Tripwire something-or-other, which
> > means that an employer or two ago I was sent to a class and took a test.
> > They do sell a nifty GUI for managing policies; however, said GUI
> > promptly drops you into the text editor of your choice if you want to
> > change the policy instead of manage it or report on violations or
> > something.
> >
> > Tripwire is the best thing going if you've got 2500 servers rolled from
> > about five or ten gold images to keep an eye on. For the average home
> > hack, the nightly rpm -aV that msec gives you is just plenty. Managing
> > Tripwire on a desktop is the kind of annoyance I don't need.
> >
>
> Hmmm... good info indeed. Actually I wanted to set it up on my mandrake
> firewall box. I was playing with it on my regular linux box to get an idea of
> what I was up against. It is looking like there are no easy answers. It sure
> does seem that part of the tool of tripwire would be to make up the config
> file for a system. I'm sure there is a good reason not to, but I can't
> imagine what it is.

Now you know why rates for security analysts are so high :-). It's not
impossible to do, it's just very very tedious and requires a very good
knowledge of your system. For a firewall it's reasonable because the
system is so constrained, and it's certainly worth doing if you can
spare an evening or two. Another approach that I like a lot for a
firewall is LEAF. http://www.monkeynoodle.org/lrp/LRP-why.html for the
reasons why.

> > > On Sat, 2003-01-04 at 23:24, James Sparenberg wrote:
> > > Lorne,
> > > Good luck setting up tripwire is enough of a pain that I would bet
> > > MDK could up the price $10 US a box if they only were to add a working
> > > tripwire policy file *grin* (In fact it's so much of a pain I've been
> > > trying for 12 months just to find the time... no such luck every time I
> > > start MDK updates the distro.)
> > >
> > > James
> > >
> > > On Sat, 2003-01-04 at 22:44, Lorne wrote:
> > > > Thanks. I've been playing with it for an hour or so. No luck yet, but
> > > > it does look promising.
> > > >
> > > > On Saturday 04 January 2003 10:37 pm, James Sparenberg wrote:
> > > > > Haven't used it but I know it exists.
> > > > >
> > > > > http://www.rocklinux.org/people/pjotr/package/tools/tripwire
> > > > >
> > > > > It's called Tripwire Policy File Generator... Maybe it could help.
> > > > >
> > > > > James
> > > > >
> > > > > On Sat, 2003-01-04 at 20:45, Lorne wrote:
> > > > > > Okay perhaps a stupid question, but I just got the RPM file for
> > > > > > tripwire mandrake. Only weird thing is, it was made for Red Hat
> > > > > > apparently!?!?! So few files match in the twpol.txt file. What
> > > > > > would be cool is if there was a twpol.txt file for mandrake
> > > > > > security and mandrake 9.0 made up. Seems like it will take hours
> > > > > > and hours to manually add all the files I should have in there.
> > > > > > Since it is a base install I'd think that it would be 98% complete
> > > > > > this way. I've looked around and found nothing. Anybody know where
> > > > > > such a thing exists?

--
Jack Coates
Monkeynoodle: A Scientific Venture...

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
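
The manual cleanup the thread describes (a Red Hat twpol.txt in which few entries match the files on a Mandrake box), as an added example that is not part of the original messages or of Tripwire itself: it comments out single-line rules whose path is absent on the host so the remaining policy can be reviewed. The function name, the MISSING marker and the sample policy are constructed for illustration; rules whose path starts with a variable or that span several lines are left untouched.

```python
import os
import re

# A single-line policy rule: optional indent, an absolute (optionally quoted)
# path, then "-> property-mask ;". Stop points ("!/proc ;"), comments and
# paths built from variables do not match and pass through unchanged.
RULE = re.compile(r'^(\s*)("[^"]+"|/\S*)(\s*->.*)$')

# Constructed sample in twpol.txt syntax, not a real distribution policy.
SAMPLE_POLICY = """\
(
  rulename = "Critical binaries",
  severity = 100
)
{
  /bin/ls            -> $(ReadOnly) ;
  /sbin/linuxconf    -> $(ReadOnly) ;
  "/etc/sysconfig/my net" -> $(Dynamic) ;
  # /usr/bin/old     -> $(ReadOnly) ;
  !/proc ;
}
"""

def prune_policy(text, exists=os.path.lexists):
    """Comment out rules for paths absent on this host.

    Returns (new_text, missing_paths). `exists` is injectable so the
    function can be exercised without touching the real filesystem.
    """
    out, missing = [], []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            path = m.group(2).strip('"')
            if not exists(path):
                missing.append(path)
                line = f"{m.group(1)}# MISSING: {line.strip()}"
        out.append(line)
    return "\n".join(out) + "\n", missing

if __name__ == "__main__":
    pruned, gone = prune_policy(SAMPLE_POLICY)
    print(pruned)
    print(f"{len(gone)} rule(s) commented out: {gone}")
```

Read the list of missing paths before accepting the result: a path that should exist on the system but does not is itself worth investigating.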
