1999-03-16-17:14:45 Bill Coutinho:
> Edwin Cremer wrote:
> > [ list of tools for a nice firewall ]
> What about Tripwire (at http://www.cs.purdue.edu/coast/coast-tools.html)
> to complement it?
Particularly since the proposal on the table is for a Linux firewall, I'd
rather use rpm's MD5 checksums instead of tripwire. Whether you use tripwire,
rpm, or something else, you need to guarantee that a known-clean copy of your
checksum database is on archived, offline, read-only media. But if you're
doing it with rpm, hey, look, you've just also guaranteed that the exact same
archive you use for your auditing database also amounts to complete automatic
system rebuild media. Cool --- just so happens I need that too:-).
RPM _everything_, including the final versions of every config file. Archive
those RPMs onto unmountable readonly media (write-once CDs are cool for this
job). When you think you've got it all done, check your work: try an offline
audit, booting from your OS release's rescue media, and try a rebuild with a
scratch machine. You might find it takes you a couple of tries to get it
perfect, but those writable CD media aren't that expensive, and this is a job
that's worth doing right.
If your security stance is suitably conservative, you can avoid changing the
firewall very often, and so keep your ongoing media costs right reasonable.
-Bennett
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
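The audit step Bennett describes, as an added example that is not part of the original post: a small POSIX shell script that classifies `rpm -V` output the way an offline audit needs to (content or permission changes on ordinary files are alarms, content changes on files rpm marks `c` for config are expected, mtime-only changes are noise), plus the invocation that verifies a mounted suspect root against the archived package files on the read-only media rather than against the host's own rpm database. The sample `rpm -V` lines are constructed, the classification policy is mine rather than anything rpm defines, and the mount points are assumptions. On a 1999 system the `5` flag meant an MD5 mismatch; current rpm records SHA-256 file digests, but the flag and its meaning (recorded digest differs from the file on disk) are unchanged.

```shell
#!/bin/sh
# Added example (not from the original post): interpret `rpm -V` output for an
# offline audit, and show the invocation that checks a suspect root against the
# archived .rpm files instead of the suspect machine's own rpm database.
#
# rpm -V prints one line per file that differs from what the package recorded:
#   a flag field (S size, M mode, 5 digest, D device, L symlink, U owner,
#   G group, T mtime, P capabilities; '.' = unchanged, '?' = test not possible)
#   or the word "missing", then an optional attribute marker (c = config file,
#   d = documentation, ...), then the path.

# Classify rpm -V lines read on stdin.  Policy (my assumption, not rpm's):
#   - a missing file, a mode/owner/group/device/symlink change, or a test rpm
#     could not perform is always ALERT;
#   - a content change (digest or size) is ALERT on an ordinary file but only
#     NOTE on a file marked 'c', since edited config files are expected;
#   - an mtime-only change is reported OK (touch, cp without -p, and so on).
classify_rpm_verify() {
    awk '
    NF == 0 { next }
    {
        flags = $1
        if (NF >= 3) { attr = $2; path = $3 } else { attr = ""; path = $2 }
        if (flags == "missing") { print "ALERT missing " path; next }
        verdict = "OK"
        if (flags ~ /[MUGDL?]/)
            verdict = "ALERT"
        else if (flags ~ /[5S]/)
            verdict = (attr == "c") ? "NOTE" : "ALERT"
        print verdict " " flags " " (attr != "" ? attr " " : "") path
    }'
}

# Constructed sample of rpm -V output (not captured from a real host).
SAMPLE_RPM_V='.......T.  /bin/ls
S.5....T.  /usr/sbin/sshd
S.5....T.  c /etc/ssh/sshd_config
..5......  /bin/login
.M.......  /usr/bin/passwd
missing     /sbin/ifconfig
.....U...  /usr/bin/su'

# Report for the sample: one line per file with its verdict.
audit_sample() {
    printf '%s\n' "$SAMPLE_RPM_V" | classify_rpm_verify
}

# Number of ALERT lines in the sample report (5 with the data above).
count_alerts() {
    audit_sample | grep -c '^ALERT'
}

# Offline audit as the post describes: boot rescue media, mount the suspect
# root read-only, mount the write-once CD of archived RPMs, and verify every
# package file against the mounted tree.  `rpm -Vp` compares installed files
# with the .rpm on the read-only media, so nothing on the suspect disk,
# including its rpm database, has to be trusted.  Mount points are assumptions;
# this function is not executed here because it needs real media and rpm.
offline_audit() {
    suspect_root=${1:-/mnt/suspect}   # e.g. mount -o ro /dev/hda1 /mnt/suspect
    media=${2:-/mnt/cdrom}            # e.g. mount -o ro /dev/cdrom /mnt/cdrom
    for pkg in "$media"/*.rpm; do
        rpm --root "$suspect_root" -Vp "$pkg"
    done | classify_rpm_verify
}
```

Running `audit_sample` on the constructed lines flags sshd, login, passwd, su and the missing ifconfig, leaves /bin/ls as OK, and reports the edited sshd_config as a NOTE. `--root` and `-Vp` are documented rpm options; whether your rpm version wants the media reachable from inside the `--root` tree is worth checking once on the rescue system, which is exactly the dry run the post recommends before trusting the procedure.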