On Fri, 12 Oct 2001, McAllister, Andrew wrote:

> Correct me if I'm wrong, but this was only a problem with the academic (1.3)
> release of Tripwire, no? The 2.x versions encrypt and sign database files,
> report files, policy files and configuration files. Did I miss an
> announcement that the 2.x versions of Tripwire are still susceptible to
> tampering?
>
> Andrew McAllister
> University of Missouri

All the 2.x versions (current is 2.4.0) support encrypted policy
and database. So all a cracker can do is delete them ... unless
you typed your public and private passwords over a cleartext link ...

TW-1.3 can be made "pretty safe" if you put your tripwire tree on
a switchable ro/rw disk. Making most external disks switchable
is a simple hardware mod. I have a software utility for switching
between ro and rw mode while the system (solaris 7 and up) is up and
running, if anyone wants it.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]