Tripwire is a program that uses cryptographic checksums (like md5,
crc32, and SHA1) to perform accounting on the filesystem.  

Tripwire is generally used to make sure that a program like login, or
ps, or netstat isn't substituted for a version that is trojaned,
because the MD5 sums on the trojaned version will be different than
the MD5 sums on the original program.  Coincidentally, this is why Linux
distributors like Red Hat and Mandrake ALWAYS print MD5 sums for their
ISO images available to download.

There is also a GPLed replacement for Tripwire, but I don't remember
the name of it offhand.  Somebody else may know.

Tripwire was semi-difficult for me to install the first time.  It has
a very strange looking configuration file.  There is a manual that
comes with it.  I suggest downloading it and printing it out.  It is
in PDF format.  

If you check out Tripwire and decide that it is too hard for you, you
can do a poor man's version with find and md5sum...

find / -type f -print0 | xargs -0 md5sum > md5sums

This will print out md5sums for every file on your disk.  Tweak to
your heart's content. :-)  I would exclude log files, spool
directories, and configuration files that you change frequently. 

The Mandrake security scripts attempt to do some of this by
calculating the MD5 sums for SUID and SGID files on your system every
night.  

Dan

Mark Weaver <[EMAIL PROTECTED]> said: 

> what is tripwire? I've heard that name before somewhere.
> 
> -- 
> Mark
> 
> / * Sometimes it becomes necessary to rock the boat
>   * in order to get the rats up from below decks
>   * so they can be kicked over the side and drowned!
>   *
>   *   REGISTERED LINUX USER # 182496
>   */
> 
> <<<<<<<<<<<<<<<<<*REPLY SEPERATOR*>>>>>>>>>>>>>>>>>>>>>>
> 
> On 4 Dec 2000 ed had this to say!
> 
> > Hi all I was wondering if anyone here uses tripwire and if so where can i
> > get it and how hard is it to install.
> >        thanks all .....
> > 
> > 
> 
> 



--
We are Microsoft of Borg
You will be assimilated
resistance is-
     Invalid Page Fault in module msborg32.dll
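
The find-and-md5sum approach from the message above, carried through to the comparison step, as an added example that is not part of the original thread: it records a baseline and later reports changed, missing and new files. It defaults to sha256sum instead of the md5sum used in the post; the function names, the HASH and EXCLUDES variables and the excluded directory names are assumptions.

```shell
#!/bin/sh
# Added example: baseline-and-verify on top of find + a checksum tool.
# HASH, EXCLUDES, list_files, make_baseline, check_baseline are assumed names.
HASH="${HASH:-sha256sum}"         # md5sum, as in the post, is a drop-in here
EXCLUDES="${EXCLUDES:-log spool}" # directory names to skip (must not be empty)

# list_files ROOT: NUL-separated regular files under ROOT, excluded dirs pruned.
list_files() {
    root=$1
    set --
    for name in $EXCLUDES; do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -name "$name"
    done
    find "$root" -type d \( "$@" \) -prune -o -type f -print0
}

# make_baseline ROOT OUT: write "hash  path" lines for every file under ROOT.
# Keep OUT outside ROOT and on read-only or off-host storage: whoever can
# replace a binary can also rewrite a baseline stored next to it.
make_baseline() {
    list_files "$1" | sort -z | xargs -0 -r "$HASH" > "$2"
}

# check_baseline ROOT BASE: print changed, missing and new files.
# Returns 0 when the tree matches the baseline, 1 otherwise.
check_baseline() {
    root=$1; base=$2; status=0
    # Changed or deleted files fail the re-hash; drop the ": OK" lines.
    failed=$(LC_ALL=C "$HASH" -c "$base" 2>/dev/null | grep -v ': OK$' || true)
    if [ -n "$failed" ]; then printf '%s\n' "$failed"; status=1; fi
    # Files present now but absent from the baseline.
    old=$(mktemp); new=$(mktemp)
    sed 's/^[^ ]*  //' "$base" | LC_ALL=C sort > "$old"
    list_files "$root" | tr '\0' '\n' | LC_ALL=C sort > "$new"
    added=$(comm -13 "$old" "$new")
    rm -f "$old" "$new"
    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/$/: NEW/'
        status=1
    fi
    return "$status"
}
```

Run check_baseline with the same ROOT string (and, for relative paths, the same working directory) that was given to make_baseline, since the baseline stores paths exactly as find printed them.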


