> I was thinking of a script that runs tripwire every few minutes
> and shuts down the web server if content is compromised.
Well, I see a problem with that. Assuming that someone who can
change your content can also change system services, an attacker
could merely redirect the http server to serve a different file
instead of the expected one. The tripwire approach would be fooled
because the file(s) it's watching haven't been changed.
Yes, you could also have tripwire watch your httpd configuration
files, but you'd have to remember that in addition to stopping
tripwire when you update your content, you'd also have to stop
tripwire when you modified your httpd configuration files.
Perhaps a better method would be to actually request the page via a
standard HTTP request and run tripwire against the content returned.
Tripwire is probably overkill for this situation though. A simple
md5 check would probably suffice.
Again, you'd just have to be extremely careful that you
disable/update your integrity checker whenever you update site
content.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
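The "request the page over HTTP and md5 the returned content" check described above, as an added example that is not code from the thread. The baseline file format (one `<md5 hex digest> <URL>` line per page, written from a known-good state with `--update`) and the file name `content.md5` are my assumptions; the fetch is done with the standard library only.

```python
import hashlib
import sys
import urllib.request

# Assumed baseline format (not from the thread): "<md5 hex digest> <URL>" per line,
# recorded from a known-good state. hashlib.sha256 is a drop-in replacement for md5.
BASELINE_PATH = "content.md5"

def digest(body: bytes) -> str:
    """MD5 of the bytes the server actually returned (the post's 'simple md5 check')."""
    return hashlib.md5(body).hexdigest()

def parse_baseline(text: str) -> dict:
    """Map URL -> expected digest; blank lines and '#' comments are ignored."""
    baseline = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            expected, url = line.split(None, 1)
            baseline[url] = expected.lower()
    return baseline

def format_baseline(entries: dict) -> str:
    """Inverse of parse_baseline; used when content is deliberately updated."""
    return "".join(f"{d} {u}\n" for u, d in sorted(entries.items()))

def check(url: str, body: bytes, baseline: dict) -> bool:
    """True only if the served bytes hash to the recorded value for this URL.
    An unknown URL fails closed rather than silently passing."""
    return baseline.get(url) == digest(body)

def fetch(url: str) -> bytes:
    """Request the page the way a real client does, asking caches to be bypassed."""
    req = urllib.request.Request(url, headers={"Cache-Control": "no-cache"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

def main(argv):
    # check.py URL...           -> exit 1 on any mismatch (a cron wrapper can then stop httpd)
    # check.py --update URL...  -> rewrite the baseline after a legitimate content change
    update = bool(argv) and argv[0] == "--update"
    urls = argv[1:] if update else argv
    try:
        with open(BASELINE_PATH) as fh:
            baseline = parse_baseline(fh.read())
    except FileNotFoundError:
        baseline = {}
    bodies = {u: fetch(u) for u in urls}
    if update:
        with open(BASELINE_PATH, "w") as fh:
            fh.write(format_baseline({u: digest(b) for u, b in bodies.items()}))
        return 0
    bad = [u for u, b in bodies.items() if not check(u, b, baseline)]
    for u in bad:
        print(f"CONTENT MISMATCH: {u}", file=sys.stderr)
    return 1 if bad else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Because the comparison is made on what the server serves rather than on files on disk, a redirected DocumentRoot or altered httpd config shows up as a mismatch just like an edited file would.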