However if you have this _and_ are root _and have gained shell access you
_can_ update the tripwire database after making your changes. The only
thing a good sysop will notice, however, is the last modification time of
the tripwire database, and that possibly some items it had in alert state
are missing. I always change some file in /root _after_ tripwire -u to have
this "marker" in the notification list.
The Tripwire documentation suggests that the database be
held on a floppy which is then write-protected - should
prevent a blackhat getting to it.
Just my 0.02 euros........
>O Ernest E. Vogelsinger
(\) ICQ# 13394035
^
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
