Re: Tripwire Update ...

On Mon, 2003-11-24 at 20:04, Wil Cooley wrote:
> On Mon, 2003-11-24 at 08:49, Karl DeBisschop wrote:
> > I personally gave up tripwire in favor of aide some time ago. 
> > 
> > Not that choice is bad, but it seemed worth mentioning. I thought I'd
> > read someplace that aide was slated to replace tripwire in FC, but maybe
> > that was my imagination.
> Oh man, have you looked at the code for AIDE?

I haven't. It's worked for me out of the box, so I haven't needed to.

But I'll accept your judgment that it should be cleaner.

At the same time, I submit that the configuration of tripwire is too
messy. My example: Since I run postgresql on several servers, files are
routinely created and changed by DBMS users. In aide, a one line config
switch excludes the DBMS data directory from the file scan. For
tripwire, part of the discussion today was about creating add-on
utilities that help the sysadmin exclude files that should not be

Tripwire may fit some needs, but since I have to admin 20+ servers and
desktops in something like 5 hours per week. With user-friendly tools
like aide and logwatch, I can be a little proactive about security
within those constraints. If I have to set up tripwire for each of those
boxes, I don't think I can do it in that time frame.

So I ask:

1) am I missing something that would make tripwire configurable for a
basic setup in a 10-minute time frame?

2) If I am not, is there an alternative to both aide and tripwire that
has clean code _and_ is more manageable than tripwire?

3) if there is no such alternative, what do you suggest Fedora _should_
use in this role?

4) If your answer to above is open-source tripwire plus some code
changes and add-ons, can I assume that you have also audited the
tripwire code and found it to be substantially cleaner than aide?

(Reading the above, ISTM these questions are rather direct and could be
antagonistic. That is not my intent - it just seems they are the
questions that need to be answered to decide on an integrity-checking
app for Fedora. So please don't read hostility into their directness -
none is intended)

Karl DeBisschop <kdebisschop alert infoplease com>

