Take a look at viper. I think all it uses is SUM, but it is fast enough
to be run every 5 minutes. Look for it at:
http://www.opensec.net
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Fri, 13 Aug 1999 [EMAIL PROTECTED] wrote:
> Russell Enderby said:
> > In pursuit of determining critical system files for modifications I was
> > thinking the checksum prog 'sum' would be sufficient. Understanding
> > that time, date, and file size can be modified under the ext2fs/ufs
> > directory table. Is it possible to also make the 'sum' checksum appear
> > to be correct?
> >
> > I was under the impression tripwire uses its own special checksum prog
> > to verify files, although would 'sum' be sufficient as well? If not
> > does anyone know of better more thorough checksum app?
>
> As Carric said, tripwire uses MD5. That's much better than 'sum'.
> The unix 'sum' program just computes a simple checksum based on XORing
> every byte in the file. A hacker could easily modify a file and have
> it come up with the same checksum as the original. The MD5 algorithm
> is significantly different, and it is non-trivial (if I recall
> correctly) to modify a file in such a way that it produces the same
> MD5 signature. That's the entire object of tripwire, to detect file
> changes on compromised systems. If you're worried about files being
> changed on your systems, I'd recommend installing tripwire as your
> first line of defense, and maybe a second system using a different
> checksum algorithm if you're really paranoid.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
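
Added example, not part of the original thread: a baseline comparison that fingerprints a file with the two 16-bit algorithms the `sum` utility implements (System V, `sum -s`, and BSD, `sum -r`) and with MD5, the hash the thread attributes to tripwire. The file contents are constructed, SHA-256 is included as an extra cryptographic hash of my choosing, and the function names are hypothetical.

```python
import hashlib

def sysv_sum(data: bytes) -> int:
    """16-bit checksum printed by `sum -s` (System V algorithm)."""
    s = sum(data) & 0xFFFFFFFF          # plain sum of all bytes
    r = (s & 0xFFFF) + (s >> 16)        # fold 32 bits down to 16
    return (r & 0xFFFF) + (r >> 16)

def bsd_sum(data: bytes) -> int:
    """16-bit rotate-and-add checksum printed by `sum -r` (BSD algorithm)."""
    c = 0
    for b in data:
        c = (c >> 1) + ((c & 1) << 15)  # rotate right by one bit
        c = (c + b) & 0xFFFF
    return c

def fingerprint(data: bytes) -> dict:
    """All four values an integrity baseline could record for one file."""
    return {
        "sysv": sysv_sum(data),
        "bsd": bsd_sum(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def changed_fields(baseline: dict, current: dict) -> list:
    """Names of the checks that notice a difference from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])

# Constructed sample: same size, two digits transposed in the first line.
ORIGINAL = b"max_retries=12\ntimeout=30\n"
MODIFIED = b"max_retries=21\ntimeout=30\n"

def demo() -> list:
    return changed_fields(fingerprint(ORIGINAL), fingerprint(MODIFIED))

if __name__ == "__main__":
    # The System V sum ignores byte order, so it is absent from this list.
    print("checks that flag the edit:", demo())
```

Both `sum` variants produce only 16 bits, so there are at most 65,536 distinct values for a baseline to compare against, whatever the file size.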