AIDE/Tripwire

Michael Schwendt ms-nospam-0306 at arcor.de
Thu Aug 14 16:23:40 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 13 Aug 2003 16:45:02 +0100, Mr. Adam ALLEN wrote:

> > > I think it's dangerous to automatically rebuild the database,
> >
> > I think nobody has suggested to rebuild the database automatically.
> 
> No nobody has, but a logical next step I guessed might be that if we
> have the files that rpm modified (/etc/tripwire.d) then why not just
> take care of it automatically.

Because rebuilding the database should be a manually executed
process which is controlled (=verified) by the admin _as long as_
installed files can be modified once they are installed. Another
level of security is good. RPM installs signed packages and can
verify integrity of installed files. But who checks that RPM itself
and its database don't get modified?

Building a default policy file -- paranoid defaults ;) -- and
stripping down unneeded entries can be automated, though, at least
partially.

- -- 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/O7eM0iMVcrivHFQRAqVDAKCGKiLys+kIC56h5tT3f5oGogE8NQCbBxpH
nChm7oAckIyulhjfMkmyG2E=
=3ff3
-----END PGP SIGNATURE-----
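
The argument in the reply above, as an added example that is not part of the original message or of AIDE/Tripwire: a minimal hash database in which an automatic rebuild silently absorbs an unexplained change, while an admin-approved update leaves it flagged. The function names, file paths and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    db = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                db[rel] = hashlib.sha256(fh.read()).hexdigest()
    return db


def changed(db, root):
    """Paths added, removed or modified relative to the baseline db."""
    now = snapshot(root)
    return sorted(p for p in db.keys() | now.keys() if db.get(p) != now.get(p))


def update(db, root, approved):
    """Re-baseline only admin-approved paths; return what stays unexplained."""
    now = snapshot(root)
    for path in approved:
        if path in now:
            db[path] = now[path]
        else:
            db.pop(path, None)
    return changed(db, root)


def demo():
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(data)
        write("usr/bin/tool", "v1")       # constructed sample files
        write("bin/login", "original")
        db = snapshot(root)
        write("usr/bin/tool", "v2")       # change explained by a package update
        write("bin/login", "modified")    # change nobody can explain
        reported = changed(db, root)
        auto_after = changed(snapshot(root), root)   # automatic rebuild
        manual_after = update(db, root, ["usr/bin/tool"])
        return reported, auto_after, manual_after
```

`demo()` returns the paths reported before any update, the paths still flagged after an automatic rebuild (none), and the paths still flagged after the approved-only update.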




