My intent wasn't to get a "my firewall is" debate. I am a HUGE fan of Mandrake and I've set up the new Mandrake security firewall and it is awesome. All gui based. I just want firewire on it before I put it out in the wild. my lrp based firewall has some sort of buffer overflow in it and they keep busting in. I need to get this up in the next few days.
On Sunday 05 January 2003 11:44 am, mike wrote: > On Sunday 05 January 2003 01:34 pm, you wrote: > > On Sun, 2003-01-05 at 08:57, Lorne wrote: > > > On Sunday 05 January 2003 12:32 am, Jack Coates wrote: > > > > I just so happen to be a certified Tripwire something-or-other, which > > > > means that an employer or two ago I was sent to a class and took a > > > > test. They do sell a nifty GUI for managing policies; however, said > > > > GUI promptly drops you into the text editor of your choice if you > > > > want to change the policy instead of manage it or report on > > > > violations or something. > > > > > > > > Tripwire is the best thing going if you've got 2500 servers rolled > > > > from about five or ten gold images to keep an eye on. For the average > > > > home hack, the nightly rpm -aV that msec gives you is just plenty. > > > > Managing Tripwire on a desktop is the kind of annoyance I don't need. > > > > > > Hmmm... good info indeed. Actually I wanted to set it up on my mandrake > > > firewall box. I was playing with it on my regular linux box to get an > > > idea of what I was up against. It is looking like there is no easy > > > answers. It sure does seem that part of the tool of tripwire would be > > > to make up the config file for a system. I'm sure there is a good > > > reason not to, but I can't imagine what it is. > > > > Now you know why rates for security analysts are so high :-). It's not > > impossible to do, it's just very very tedious and requires a very good > > knowledge of your system. For a firewall it's reasonable because the > > system is so constrained, and it's certainly worth doing if you can > > spare an evening or two. Another approach that I like a lot for a > > firewall is LEAF. http://www.monkeynoodle.org/lrp/LRP-why.html for the > > reasons why. > > > > > > On Sat, 2003-01-04 at 23:24, James Sparenberg wrote: > > > > > Lorne, > > > > > Good luck setting up tripwire is enough of a pain that I would > > > > > bet MDK could up the price $10 US a box if they only were to add a > > > > > working tripwire policy file *grin* (In fact it's so much of a pain > > > > > I've been trying for 12 months just to find the time... no such > > > > > luck every time I start MDK updates the distro.) > > > > > > > > > > James > > > > > > > > > > On Sat, 2003-01-04 at 22:44, Lorne wrote: > > > > > > Thanks. I've been playing with it for an hour or so. No luck yet, > > > > > > but it does look promising. > > > > > > > > > > > > On Saturday 04 January 2003 10:37 pm, James Sparenberg wrote: > > > > > > > Haven't used it but I know it exists. > > > > > > > > > > > > > > http://www.rocklinux.org/people/pjotr/package/tools/tripwire > > > > > > > > > > > > > > It's called Tripwire Policy File Generator... Maybe it could > > > > > > > help. > > > > > > > > > > > > > > James > > > > > > > > > > > > > > On Sat, 2003-01-04 at 20:45, Lorne wrote: > > > > > > > > Okay perhaps a stupid question, but I just got the RPM file > > > > > > > > for tripwire mandrake. Only wierd thing is, it was made for > > > > > > > > Red Hat apparently!?!?! So few files match in the twpol.txt > > > > > > > > file. What would be cool is if there was a twpol.txt file for > > > > > > > > mandrake security and mandrake 9.0 made up. Seems like it > > > > > > > > will take hours and hours to manually add all the files I > > > > > > > > should have in there. Since it is a base install I'd think > > > > > > > > that it would be 98% complete this way. I've looked around > > > > > > > > and found nothing. Anybody know where such a thing exists? > > My firewall is IPKungfu.It works real good and is easily configurable from > one main file: ipkungfu.conf. > > http://freshmeat.net/projects/ipkungfu/?topic_id=43%2C151
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
