On Sunday 05 January 2003 01:34 pm, you wrote:
> On Sun, 2003-01-05 at 08:57, Lorne wrote:
> > On Sunday 05 January 2003 12:32 am, Jack Coates wrote:
> > > I just so happen to be a certified Tripwire something-or-other, which
> > > means that an employer or two ago I was sent to a class and took a
> > > test. They do sell a nifty GUI for managing policies; however, said GUI
> > > promptly drops you into the text editor of your choice if you want to
> > > change the policy instead of manage it or report on violations or
> > > something.
> > >
> > > Tripwire is the best thing going if you've got 2500 servers rolled from
> > > about five or ten gold images to keep an eye on. For the average home
> > > hack, the nightly rpm -aV that msec gives you is just plenty. Managing
> > > Tripwire on a desktop is the kind of annoyance I don't need.
> >
> > Hmmm... good info indeed. Actually I wanted to set it up on my mandrake
> > firewall box. I was playing with it on my regular linux box to get an
> > idea of what I was up against. It is looking like there are no easy
> > answers. It sure does seem that part of the tool of tripwire would be to
> > make up the config file for a system. I'm sure there is a good reason not
> > to, but I can't imagine what it is.
>
> Now you know why rates for security analysts are so high :-). It's not
> impossible to do, it's just very very tedious and requires a very good
> knowledge of your system. For a firewall it's reasonable because the
> system is so constrained, and it's certainly worth doing if you can
> spare an evening or two. Another approach that I like a lot for a
> firewall is LEAF. http://www.monkeynoodle.org/lrp/LRP-why.html for the
> reasons why.
> > > >
> > > > On Sat, 2003-01-04 at 23:24, James Sparenberg wrote:
> > > > Lorne,
> > > > Good luck, setting up tripwire is enough of a pain that I would bet
> > > > MDK could up the price $10 US a box if they only were to add a
> > > > working tripwire policy file *grin* (In fact it's so much of a pain
> > > > I've been trying for 12 months just to find the time... no such luck,
> > > > every time I start MDK updates the distro.)
> > > >
> > > > James
> > > >
> > > > On Sat, 2003-01-04 at 22:44, Lorne wrote:
> > > > > Thanks. I've been playing with it for an hour or so. No luck yet,
> > > > > but it does look promising.
> > > > >
> > > > > On Saturday 04 January 2003 10:37 pm, James Sparenberg wrote:
> > > > > > Haven't used it but I know it exists.
> > > > > >
> > > > > > http://www.rocklinux.org/people/pjotr/package/tools/tripwire
> > > > > >
> > > > > > It's called Tripwire Policy File Generator... Maybe it could
> > > > > > help.
> > > > > >
> > > > > > James
> > > > > >
> > > > > > On Sat, 2003-01-04 at 20:45, Lorne wrote:
> > > > > > > Okay perhaps a stupid question, but I just got the RPM file for
> > > > > > > tripwire mandrake. Only weird thing is, it was made for Red Hat
> > > > > > > apparently!?!?! So few files match in the twpol.txt file. What
> > > > > > > would be cool is if there was a twpol.txt file for mandrake
> > > > > > > security and mandrake 9.0 made up. Seems like it will take
> > > > > > > hours and hours to manually add all the files I should have in
> > > > > > > there. Since it is a base install I'd think that it would be
> > > > > > > 98% complete this way. I've looked around and found nothing.
> > > > > > > Anybody know where such a thing exists?
> > > > > > >

My firewall is IPKungfu. It works real good and is easily configurable from
one main file: ipkungfu.conf.
http://freshmeat.net/projects/ipkungfu/?topic_id=43%2C151

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Michael Shinobi a.k.a. 'alfalfa'
Mandrake 8.2 Kernel-2.4.18-8.1mdk
Linux user #298896
Sun Jan 5 13:42:33 EST 2003
1:42pm up 4 days, 15:53, 2 users, load average: 0.20, 0.08, 0.02
Homepage: http://micronuke.tripod.com/
Email: [EMAIL PROTECTED]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Save a little money each month and at the end of the year you'll be
surprised at how little you have.
                -- Ernest Haskins
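
Added example (not part of the original thread and not the Tripwire Policy File Generator linked above): one way to cut down the mismatch described in the thread, where a twpol.txt written for Red Hat names files a Mandrake install does not have, is to comment out every rule whose path is absent from the host. The function name, the `#MISSING#` marker and the sample policy are assumptions made for illustration.

```python
import os
import re
import sys

# A rule line whose object name is a literal absolute path, optionally
# double-quoted and optionally a "!" stop point. Names built from variables
# such as $(TWBIN)/tripwire are deliberately not matched and pass through.
RULE = re.compile(r'^\s*!?\s*(?:"(/[^"]*)"|(/\S*?))\s*(?:->|;)')

def prune_policy(policy_text, exists=os.path.lexists):
    """Comment out rules for paths absent from this host.

    Returns (new_policy_text, missing_paths). Existing comments, directives
    and variable definitions are copied through unchanged.
    """
    out, missing = [], []
    for line in policy_text.splitlines():
        m = RULE.match(line)
        path = (m.group(1) or m.group(2)) if m else None
        if path and not exists(path):
            missing.append(path)
            line = "#MISSING# " + line  # hypothetical marker, easy to grep for
        out.append(line)
    return "\n".join(out) + "\n", missing

# Constructed excerpt in twpol.txt syntax (not taken from any shipped policy).
SAMPLE_POLICY = """\
(
  rulename = "Networking Programs",
  severity = 100
)
{
  /sbin/ifconfig   -> $(ReadOnly) ;
  /sbin/ipchains   -> $(ReadOnly) ;
  "/etc/sysconfig/network scripts" -> $(Dynamic) ;
  !/proc ;
}
"""

if __name__ == "__main__":
    # Usage: script.py [twpol.txt] > twpol.pruned.txt   (report goes to stderr)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY
    pruned, gone = prune_policy(text)
    sys.stdout.write(pruned)
    for p in gone:
        print("not on this host:", p, file=sys.stderr)
```

This only removes entries for files the host lacks; it does not add Mandrake-specific files the Red Hat policy never listed, so the pruned file still needs a manual pass before it is compiled with `twadmin --create-polfile`.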
