the Tripwire database is supposed to be mounted read-only as well, either on CD or write-protected floppy. If it is writeable, you have no security.

--Adam

-----Original Message-----
From: Rask Ingemann Lambertsen <[EMAIL PROTECTED]>
To: Qmail mailing list <[EMAIL PROTECTED]>
Date: Tuesday, December 29, 1998 7:59 AM
Subject: Verifying system binaries (Was: Frivolous forking)

:On 23-Dec-98 05:20:37, Russ Allbery wrote something about "Re: Frivolous forking". I just couldn't help replying to it, thus:
:
:> I hope that anyone who intends to do this as part of their security policy
:> uses tripwire rather than relying on RPM. Tripwire is not a package
:[cut]
:
: Which is all great until the tripwire database itself is tampered with. A
:competent intruder would wipe it out as the first thing (s)he does. It is a
:darn sight more difficult to hack the MD5 sums on your Redhat Linux CDROM.
:
:> RPM's verification thing is nice, but I really wouldn't rely on it as a
:> replacement for tripwire.
:
: And I would not trust my tripwire database once my system has been
:compromised.
:
:Regards,
:
:/---------------------------------------------------------------------\
:| Rask Ingemann Lambertsen    | [EMAIL PROTECTED]                      |
:| Registered Phase5 developer | WWW: http://www.gbar.dtu.dk/~c948374/ |
:| A4000, 775 kkeys/s (RC5-64) | "ThrustMe" on XPilot and EFnet IRC    |
:| Life starts at '030, fun starts at '040, impotence starts at '86.   |
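The point made in this thread, as an added example that is not part of the original messages: an integrity checker that refuses to use a baseline stored on a writable filesystem. It uses SHA-256 rather than the MD5 sums mentioned above, and the function names, the baseline file format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def write_baseline(paths, baseline_file):
    # Run on a known-clean system, then move the file to read-only media.
    with open(baseline_file, "w") as out:
        for p in paths:
            out.write(f"{sha256_file(p)}  {p}\n")

def on_read_only_mount(path):
    # Mount flag only: root can remount rw, so physical write protection is stronger.
    return bool(os.statvfs(path).f_flag & os.ST_RDONLY)

def verify(baseline_file, require_read_only=True):
    if require_read_only and not on_read_only_mount(baseline_file):
        raise RuntimeError("baseline is on a writable filesystem")
    report = {}
    with open(baseline_file) as f:
        for line in f:
            digest, path = line.rstrip("\n").split("  ", 1)
            if not os.path.exists(path):
                report[path] = "missing"
            else:
                report[path] = "ok" if sha256_file(path) == digest else "changed"
    return report

def demo():
    # Constructed files standing in for system binaries.
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("ls", "login")]
        for p in paths:
            with open(p, "w") as f:
                f.write("original")
        db = os.path.join(d, "baseline.txt")
        write_baseline(paths, db)
        with open(paths[1], "a") as f:
            f.write(" + modified")  # simulated tampering
        try:
            verify(db)  # temp dir is writable, so this refuses
            refused = False
        except RuntimeError:
            refused = True
        report = verify(db, require_read_only=False)
        return refused, {os.path.basename(k): v for k, v in report.items()}
```

Calling `demo()` shows both outcomes: the default check rejects the writable baseline, and the relaxed check reports which file changed.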
