Date: Fri, 17 Sep 1999 08:29:15 -0500
From: Michael Grommet <mgrommet@isiar.net>
To: "'Harry M. Leitzell'" <Harry_M_Leitzell@cmu.edu>, 'Brett Glass' <brett@lariat.org>
Cc: 'Liam Slusser' <liam@tiora.net>, 'Kenny Drobnack' <kdrobnac@mission.mvnc.edu>, "'security@FreeBSD.ORG'" <security@FreeBSD.ORG>
Subject: RE: BPF on in 3.3-RC GENERIC kernel
Message-ID: <7011ACE3864AD31183E50008C7FA081F01D4D0@ISIMAIN>

Just to add my 2 cents worth, I've always been able to store the tripwire database on a floppy, physically write protected :) I suppose if you had lots and lots of files for tripwire to keep track of, this wouldn't work, but hey, even if someone is more advanced than your average script kiddie, they still won't be able to overwrite the info.

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Harry M. Leitzell
Sent: Thursday, September 16, 1999 8:28 PM
To: Brett Glass
Cc: Liam Slusser; Kenny Drobnack; security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel

No offense, but tripwire is really a bit overrated except if the person is a script child and hasn't a clue as to what to do. If tripwire hasn't been set up with the db set on a readonly disk partition and you gain root, you can set up a KLM to change the db on the fly.

On Thu, 16 Sep 1999, Brett Glass wrote:

> At 04:14 PM 9/16/99 -0700, Liam Slusser wrote:
>
> >Right...but if the system was hacked what would stop the hacker from
> >building BPF in a kernel?
>
> securelevel=2 or securelevel=3.
>
> Or Tripwire.
>
> --Brett

[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]
Harry M. Leitzell - Harry_M_Leitzell@cmu.edu
Carnegie Mellon University
Finger for PGP Public Key
[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message