[redhat-lspp] File Integrity Tests from RBAC
Steve Grubb
sgrubb at redhat.com
Thu Sep 29 18:20:29 UTC 2005
On Thursday 29 September 2005 14:06, Stephen Smalley wrote:
> Is tripwire able to deal with prelink'd binaries?
I don't think Red Hat ships tripwire...so I am guessing that it does not.
> At one time, it wasn't, so it would report them as all modified after the
> first prelink run from cron.
We could fix it, though, as well as teach it about extended attributes. That
is *if* this is how this requirement is traditionally met. That is the big
question.
> rpm -V handles it correctly.
But there are enough chmods to various programs and changes to config files
that there will be a lot of false alarms.
I was wondering if the intent of this spec was to ensure a tool was available
that could be extended to other use by the system admin (tripwire-like
solutions), or if we just have to check the files in the security target only
(homebrew scripts).
-Steve
More information about the redhat-lspp
mailing list