Plus the files/filesystem would have to be decrypted to use. A privileged user would probably have access to that decrypted data.

On Thu, Mar 22, 2012 at 5:58 PM, Castle, Shane <[email protected]> wrote:
> If this happened then it's game over. Encrypting the files/filesystem will do
> no good if your system is compromised.
>
> Sorry, I don't buy it. Try again.
>
> --
> Shane Castle
> Data Security Mgr, Boulder County IT
> CISSP GSEC GCIH
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Michel Henrique Aquino Santos
> Sent: Thursday, March 22, 2012 15:52
> To: [email protected]
> Subject: Re: [ossec-list] Database and File rules encrypted?
>
> If an attacker managed to enter the machine and gain privileged access, they
> can read the configuration files if OSSEC is installed as local. Thus, you
> can use a directory or file not monitored to carry out the attack, or even
> modify the file rules.
>
> On 22-03-2012 18:16, Nelson, James wrote:
>
> The vast majority of log data is not encrypted to begin with, so how
> do you figure it's a vulnerability? At most, transmission between agent and
> master could be considered vulnerable but you can set it up to use secure
> transmission which would be encrypted.
>
> James
>
> ________________________________
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Michel Henrique Aquino Santos
> Sent: Thursday, March 22, 2012 3:54 PM
> To: [email protected]
> Subject: Re: [ossec-list] Database and File rules encrypted?
>
> Thanks for the reply. This is not good because it creates a
> vulnerability in the system.
>
> Regards.
>
> On 22-03-2012 17:33, dan (ddp) wrote:
>
> Neither are encrypted in OSSEC.
>
> On Thu, Mar 22, 2012 at 4:22 PM, Michel Henrique Aquino Santos
> <[email protected]> wrote:
>
> Hello,
>
> I'm doing a paper for a university study (Federal University of Lavras - UFLA
> - www.ufla.br), comparing four tools for checking the integrity of files
> (Tripwire, OSSEC, AIDE and Samhain).
> I need some information about the tool OSSEC.
> Is the generated database (snapshot) encrypted? Is the rules file encrypted?
>
> Sorry for my English, I cannot write correctly.
> I await a response.
> Thank you!
>
> --
> Regards,
>
> Michel Henrique Aquino Santos
> Bachelor's in Computer Science
> Universidade Federal de Lavras - UFLA
> Skype: michel_has
> Gtalk: michel.has
> [email protected]
>
> Linux User # 496756
>
> http://resolvidoslinux.blogspot.com/
