2000-03-29-16:15:22 Loren MacGregor:
> I'm going to sound like a broken record, [...]
Lots of that going around, I'll sing the chorus:-)
> [...] but I really think (especially if you're using Redhat Linux)
> that the Tripwire for Linux product will serve you admirably.
I think Red Hat Linux users are in an especially good position to
have something better than tripwire available to them.
RPMs include MD5 checksums. So if you have the CDROM you installed
your Linux from, you can check everything installed with RPM, that's
nearly everything there is. Make sure you RPM all the stuff you add,
and keep offline copies of those (good for rebuilding, upgrading,
making more identical boxes, etc.) and all you have left is the
handful of security-critical files that you don't manage with RPM.
Save them offline.
The hardest part of doing Tripwire right is properly managing the
database for good security. That hard part comes as a free benefit
of proper package management when you have good checksums in your
packaging tool.
> You should upgrade your Red Hat server, though. :)
And write a security policy:-).
-Bennett
PGP signature
