Rask Ingemann Lambertsen <[EMAIL PROTECTED]> writes:
> Which is all great until the tripwire database itself is tampered
> with. A competent intruder would wipe it out as the first thing (s)he
> does. It is a darn sight more difficult to hack the MD5 sums on your
> Redhat Linux CDROM.
Which is, of course, why you secure your tripwire database, like it says
in the nice README, using read-only media or some similar difficult-to-
bypass security (like a network file system that requires cryptographic
authentication, such as AFS, and write-protected floppies to store the
databases for the actual authentication and file servers).
Accusing tripwire of being less secure than an MD5 checksumming scheme
because you didn't follow the tripwire documentation is a little
questionable.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
