Andy said:
> > What Bennett said. Are you sure you don't mean that crackers are known to
> > replace either the tripwire binary or the database?
>
> Following that point, does anybody know how to check the integrity of
> the integrity checker?

The standard way: run the checker frequently from cron off a CD that
you burned, that includes the fingerprints of the files you want to
check. And verify by hand every once in a while that a hacker hasn't
unmounted the CD and replaced it with his modified checker and
fingerprint files in the filesystem where the CD is normally mounted.
But a really good hacker could install a modified kernel to redirect
filesystem requests from your CD to his own hidden modified checker
and fingerprints. There's no perfect solution if someone gets root on
your machine; they can do anything. The last resort is to rebuild
your machine every once in a while from scratch, but that just means
they have to re-hack you every once in a while. Depends on how
paranoid you are.

Load up on security. Get an IDS and a good firewall, and you may
catch them if you're smarter than they are.
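
The by-hand check described above (is the CD still the thing mounted at its usual place?) can run before every cron pass. The script below is an added example, not part of the original post; `/mnt/cdrom`, `/dev/sr0`, `fingerprints.sha256` and `check.sh` are assumed names, and `sha256sum` stands in for whatever checker is burned onto the CD.

```shell
#!/bin/sh
# Added example. Paths, device and manifest name are assumptions, and
# sha256sum stands in for the integrity checker burned onto the CD.

# mount_is_trusted MOUNTS_FILE MOUNTPOINT DEVICE
# Succeeds only if the LAST entry for MOUNTPOINT in a /proc/mounts-format
# file is DEVICE, type iso9660, mounted read-only. The last entry is the
# one path lookups reach, so a filesystem mounted over the CD fails the
# check; no entry at all means the CD is unmounted and the path is just
# a directory on the writable disk.
mount_is_trusted() {
    awk -v mp="$2" -v dev="$3" '
        $2 == mp { d = $1; t = $3; o = $4; seen = 1 }
        END {
            if (!seen || d != dev || t != "iso9660") exit 1
            n = split(o, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") exit 0
            exit 1
        }' "$1"
}

# verify_fingerprints ROOT MANIFEST
# MANIFEST is sha256sum output with paths relative to ROOT. Prints each
# file that fails and returns non-zero if any do.
verify_fingerprints() {
    ( cd "$1" && sha256sum --check --quiet "$2" )
}

# run_check MOUNTS_FILE MOUNTPOINT DEVICE ROOT MANIFEST_NAME
# Returns 2 if the CD mount cannot be trusted, 1 on a fingerprint mismatch.
run_check() {
    mount_is_trusted "$1" "$2" "$3" || {
        echo "ALERT: $2 is not the read-only CD $3" >&2
        return 2
    }
    verify_fingerprints "$4" "$2/$5" || {
        echo "ALERT: fingerprint mismatch under $4" >&2
        return 1
    }
}

# Cron entry point, e.g.: */30 * * * * /mnt/cdrom/check.sh --run
if [ "${1:-}" = "--run" ]; then
    run_check /proc/mounts /mnt/cdrom /dev/sr0 / fingerprints.sha256
fi
```

These checks read the mount table as the running kernel reports it, so they cover the unmount-and-replace case but not the modified-kernel case the post describes.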