Tripwire Update ...

Karl DeBisschop kdebisschop at alert.infoplease.com
Tue Nov 25 06:01:00 UTC 2003 

On Mon, 2003-11-24 at 20:04, Wil Cooley wrote:
> On Mon, 2003-11-24 at 08:49, Karl DeBisschop wrote:
> > I personally gave up tripwire in favor of aide some time ago. 
> > 
> > Not that choice is bad, but it seemed worth mentioning. I thought I'd
> > read someplace that aide was slated to replace tripwire in FC, but maybe
> > that was my imagination.
> 
> Oh man, have you looked at the code for AIDE?

I haven't. It's worked for me out of the box, so I haven't needed to.

But I'll accept your judgment that it should be cleaner.

At the same time, I submit that the configuration of tripwire is too
messy. My example: Since I run postgresql on several servers, files are
routinely created and changed by DBMS users. In aide, a one line config
switch excludes the DBMS data directory from the file scan. For
tripwire, part of the discussion today was about creating add-on
utilities that help the sysadmin exclude files that should not be
checked.

Tripwire may fit some needs, but since I to admin 20+ servers and
desktops in something like 5 hours per week. With user-friendly tools
like aide and logwatch, I can be a little proactive about security
within those constraints. If I have to set up tripwire for each if those
boxes, I don't think I can do it in that time frame.

So I ask:

1) am I missing something that would make tripwire configurable for a
basic setup in a 10-minute time frame?

2) If I am not, is there an alternative to both aide and tripwire that
has clean code _and_ is more manageable than tripwire.

3) if there is no such alternative, what do you suggest Fedora _should_
use in this role?

4) If your answer to above is open-source tripwire plus some code
changes and add-ons, can I assume that you have also audited the
tripwire code and found it to be substantially cleaner than aide?

(Reading the above, ISTM these questions are rather direct and could be
antagonistic. That is not my intent - it just seems they are the
questions that need to be answered to decide on an integrity-checking
app for Fedora. So please don't read hostility into their directness -
none is intended)

-- 
Karl DeBisschop <kdebisschop at alert.infoplease.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20031125/9730d7fd/attachment-0002.bin

More information about the devel mailing list