Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
Re: [SLE] How do I restart security check...
  • From: Tara L Andrews <tla@xxxxxxx>
  • Date: Wed, 9 May 2001 00:35:33 -0400
  • Message-id: <20010509003533.C1317@xxxxxxxxxxxxxxxx>
On Tue, May 08, 2001 at 08:59:29AM -0500, Vetter, Gary H. wrote:
> Is this security check a SuSE version of Tripwire? Any comparison between
> the two programs?

No.

The SuSE seccheck runs a bunch of scripts that look for changed
devices, newly loaded or removed modules, bad passwords, etc. It
keeps its info in a directory on disk; if a cracker gains root access
to your system, he/she can modify this info to cover his/her tracks.

Tripwire is merely a filesystem comparison tool. It checks changes in
contents, properties, and sizes of the files you specify. If you use
it properly, however, it is much safer from attacks than seccheck.
Tripwire expects that you will generate the initial file database on a
known clean system, and then store it on read-only media. This way, a
remote attacker can't alter your database to cover his/her tracks.

-tara
< Previous Next >
References