Peter C Norton <[EMAIL PROTECTED]> writes:

> So, since you use rpm, you start by checking all of the recorded md5sums
> for the packages you've installed against the master database you have
> locked away on a day 1 backup tape.

I hope that anyone who intends to do this as part of their security policy
uses tripwire rather than relying on RPM.  Tripwire is not a package
manager, knows nothing about regular databases, and therefore can't be
tricked into not getting *everything* on your system and has no trouble
with things varying by system; just maintain a tripwire database for each
system.

It also doesn't rely on just one checksum method for sensitive binaries.

RPM's verification thing is nice, but I really wouldn't rely on it as a
replacement for tripwire.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>
