On Thu, Oct 17, 2002 at 01:06:41PM +0200, linux power wrote:
> Are u sure? I have no time to experiment.
It's damn good at telling you if something in your system has been changed. But it only works if you configure it from a known sane state, so the tripwire system recognizes how your system is "supposed" to be.

The idea of having a second small system serving as a firewall is very helpful. My advice here would be:

1. Install the new firewall system, but keep it offline.
2. Download all errata which apply to said system on a second machine.
3. Apply these errata (you can use a CD to take them to the new system).
4. Configure your system to your heart's content, especially the iptables rules and tripwire.
5. Back it up on offline media!!!
6. Get it online, register it to RHN and set up a cron job to apply all errata on a daily basis.
7. Check the system's logs regularly. Firewalls are not plug'n'forget devices.

This should get you a long way beyond your unfriendly neighborhood script kiddie, and in case of an incident, you can always restore from the backup you made, saving yourself the trouble of reconfiguring the firewall again.

Cheers,

--
Javier Gostling
Systems Engineer
Virtualia S.A.
[EMAIL PROTECTED]
Phone: +56 (2) 202-6264 x 130
Fax: +56 (2) 342-8763
Av. Kennedy 5757, of 1502
Las Condes
Santiago
Chile
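The baseline-then-verify idea behind the tripwire advice above (record the trusted state offline, then detect changes later), as an added example that is not part of the original message and is not tripwire's own code. It assumes GNU coreutils (sha256sum, find, sort, diff, mktemp); the directory tree and file contents it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not tripwire itself: a minimal baseline-then-verify integrity
# check showing why the baseline must be taken from a known sane state.
# Assumes GNU coreutils (sha256sum, find, sort, diff, mktemp); the tree it
# builds under mktemp -d and the file contents are constructed for the demo.

# snapshot DIR: one "hash  path" line per regular file under DIR, sorted by path
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# baseline DIR DB: record the trusted state (step 4 of the list: do it offline)
baseline() {
    snapshot "$1" > "$2"
}

# verify DIR DB: compare the live tree with DB; list differences, return 1 if any
verify() {
    cur=$(mktemp) || return 2
    snapshot "$1" > "$cur"
    if diff "$2" "$cur" > "$cur.diff"; then
        rm -f "$cur" "$cur.diff"
        return 0
    fi
    # "<" lines exist only in the baseline, ">" lines only in the live tree
    sed -n 's/^< [0-9a-f]*  /missing or altered: /p' "$cur.diff"
    sed -n 's/^> [0-9a-f]*  /new or altered:     /p' "$cur.diff"
    rm -f "$cur" "$cur.diff"
    return 1
}

# demo yes|no: build a tree, baseline it, optionally tamper, then verify.
# Returns verify's status: 0 when untouched, 1 when tampering was detected.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/etc/sysconfig"
    printf 'ACCEPT established\n' > "$root/etc/sysconfig/iptables"
    printf 'root:x:0:0\n' > "$root/etc/passwd"
    baseline "$root" "$root.db"          # DB kept outside the watched tree
    if [ "$1" = yes ]; then
        printf 'eve:x:0:0\n' >> "$root/etc/passwd"   # simulated compromise
    fi
    verify "$root" "$root.db"
    rc=$?
    rm -rf "$root" "$root.db"
    return $rc
}

# run the tampered scenario when invoked as: sh integrity.sh demo
if [ "${1:-}" = demo ]; then demo yes; fi
```

Run it as `sh integrity.sh demo` to see the altered passwd file reported; a baseline taken after the tampering would silently accept it, which is the point of step 5.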