[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tripwire for OpenBSD

Quoting Ewing, Timothy K. (Timothy_(_dot_)_Ewing_(_at_)_celera_(_dot_)_com):
> > -----Original Message-----
> > From: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>
> > Quoting Paul Herman (pherman_(_at_)_frenchfries_(_dot_)_net):
> > > ==========
> > > The Open Source Tripwire originally supported only Linux. A few
> > 
> > So my running it on SunOS 4 (before Linux existed) was an illusion?
> > I've moved forward with aide.
> Is it possible that you were using the Academic 1.3.1 version?

It's likely that I was using the only version there was before a
commercial attempt was made at Tripwire - before Linux was out
there (Linux didn't have a network stack for quite some time -
until 0.8, afaik).

We'd generate the checksum file, PGP sign it and copy it off.
periodically the sig would be verified and then the tripwire
check would run.

Since the checksum and binaries lived on disks that were PINNED
read-only, we weren't too concerned about it (or pgp) being altered.
We took precautions against it anyhow.
Belt.  Suspenders.  Little man holding up pants.