Date: Sat, 12 Dec 1998 16:35:32 -0500
From: Adam Shostack <adam@homeport.org>
To: Roger Marquis <marquis@roble.com>, security@FreeBSD.ORG
Subject: Re: tripwire was Re: append-only devices for logging
Message-ID: <19981212163532.A26497@weathership.homeport.org>
In-Reply-To: <Pine.SUN.3.96.981211224050.15866A-100000@roble.com>; from Roger Marquis on Fri, Dec 11, 1998 at 10:46:51PM -0800
References: <199812120549.VAA18425@hub.freebsd.org> <Pine.SUN.3.96.981211224050.15866A-100000@roble.com>

On Fri, Dec 11, 1998 at 10:46:51PM -0800, Roger Marquis wrote:
| James Wyatt <jwyatt@rwsystr.RWSystems.net> wrote:
| > This is a *great* idea! I had set the BIOS to boot w/o floppy and written
| > the DB to a floppy I changed to R/O by hand. This has a limit of 1.44MB
| Except when the floppy has bad sectors, and a large percent of floppies
| do, and sends the drive into an I/O loop that can't be fixed w/o a
| reboot.

It seems to me that that's a bug that ought to be fixed, that a bad
floppy can require a reboot.

| > how do you protect tripwire from modification?
|
| We keep the entire tripwire directory encrypted when not in use.

Encryption is not authentication. I'd urge that you look to an
authentication algorithm, such as md5-hmac or pgp signing.

I personally keep the tw databases on floppy; it's cheaper than
cd-rom, and I've yet to be bitten by a needed reboot. (Floppies are
cheaper because they're reusable; burn a CD, make some changes, burn a
new cd.)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
    -Hume
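Added example, not part of the message above and not Tripwire code: it shows why a database that decrypts cleanly proves nothing about its integrity, while an HMAC over the same bytes exposes the change. Assumptions: the toy stream cipher stands in for any encryption without authentication, HMAC-SHA256 is used in place of the md5-hmac named in the message, and the record format, keys and file contents are constructed.

```python
import hashlib
import hmac

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), standing in for any
    encryption without authentication. The same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def tag(mac_key: bytes, db: bytes) -> bytes:
    """HMAC over the plaintext database; stored alongside it."""
    return hmac.new(mac_key, db, hashlib.sha256).digest()

def verify(mac_key: bytes, db: bytes, expected: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the stored one."""
    return hmac.compare_digest(tag(mac_key, db), expected)

def rewrite_field(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Change a known plaintext field by editing ciphertext only (no key)."""
    delta = bytes(a ^ b for a, b in zip(old, new))
    patched = bytes(c ^ d for c, d in zip(ct[offset:offset + len(delta)], delta))
    return ct[:offset] + patched + ct[offset + len(delta):]

# Constructed sample data: one database record and two file contents.
GOOD = hashlib.sha256(b"vendor /bin/login").hexdigest().encode()
MODIFIED = hashlib.sha256(b"modified /bin/login").hexdigest().encode()
PREFIX = b"/bin/login sha256="
DB = PREFIX + GOOD + b"\n"

def demo() -> dict:
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    ct = xor_stream(enc_key, DB)          # what sits on disk "when not in use"
    db_tag = tag(mac_key, DB)             # authentication tag made at baseline
    tampered = xor_stream(enc_key, rewrite_field(ct, len(PREFIX), GOOD, MODIFIED))
    return {
        "decrypts_cleanly": tampered == PREFIX + MODIFIED + b"\n",
        "original_verifies": verify(mac_key, xor_stream(enc_key, ct), db_tag),
        "tampered_verifies": verify(mac_key, tampered, db_tag),
    }

if __name__ == "__main__":
    print(demo())
```

The tag is only as trustworthy as the MAC key and the place the tag is stored, which is the same problem the read-only floppy addresses for the database itself.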