[PLUG] Securing tripwire/aide databases
Russ Johnson
russj at dimstar.net
Wed Nov 17 18:41:46 UTC 2004
Keith Nasman wrote:
> I'm confused by what you mean. By modified binaries do you mean of the
> integrity checker? Or do you mean other system binaries (ls, ps, top,
> etc)? If it is the latter then isn't that what the integrity checker
> is for? I've used the debian tool debsums and rpm --verify to check
> the binaries against the package installed versions. I also store a
> few important binaries on the floppies as well (ls, ps, netstat, etc).

I'm talking about the binaries that do the checking. /usr/sbin/tripwire
or /usr/sbin/aide, etc.

Tripwire recommends that you keep copies of the database and binaries
off system, on read-only media, to check the system if compromise is
suspected.

Russ
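
An added example, not part of the original message and not code from Tripwire or AIDE: one way to check the installed checker binaries against the copies kept on read-only media before trusting their output. The function name, the mirrored directory layout on the media, and the TRUSTED_CMP variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Compare installed integrity-checker binaries with trusted copies kept on
# read-only media (assumed layout: the media mirrors the installed paths,
# e.g. /mnt/trusted/usr/sbin/aide for /usr/sbin/aide).
#
# TRUSTED_CMP (assumption): path to a cmp binary stored on the same media,
# so the comparison does not rely on a possibly replaced system cmp.

# verify_checkers TRUSTED_DIR BINARY...
# Prints one status line per binary; returns 0 only if every binary is
# byte-identical to its trusted copy.
verify_checkers() {
    trusted_dir=$1
    shift
    cmp_tool=${TRUSTED_CMP:-cmp}
    rc=0
    for bin in "$@"; do
        ref="$trusted_dir$bin"
        if [ ! -f "$ref" ]; then
            # No reference copy: cannot vouch for this binary at all.
            echo "NOREF    $bin (no trusted copy at $ref)"
            rc=1
        elif [ ! -f "$bin" ]; then
            # The checker itself has been removed from the system.
            echo "MISSING  $bin"
            rc=1
        elif "$cmp_tool" -s "$ref" "$bin"; then
            echo "OK       $bin"
        else
            # Installed checker differs from the off-system copy:
            # run the trusted copy from the media instead.
            echo "MODIFIED $bin"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use (constructed paths):
#   TRUSTED_CMP=/mnt/trusted/bin/cmp sh verify.sh /mnt/trusted \
#       /usr/sbin/tripwire /usr/sbin/aide
if [ "$#" -ge 2 ]; then
    verify_checkers "$@"
fi
```

Any result other than OK means the installed checker should not be used; run the copy from the media against the off-system database instead.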