On Tue, May 08, 2001 at 08:59:29AM -0500, Vetter, Gary H. wrote:
Is this security check a SuSE version of Tripwire? Any comparison between the two programs?
No. The SuSE seccheck runs a bunch of scripts that look for changed devices, newly loaded or removed modules, bad passwords, etc. It keeps its info in a directory on disk; if a cracker gains root access to your system, he/she can modify this info to cover his/her tracks. Tripwire is merely a filesystem comparison tool. It checks changes in contents, properties, and sizes of the files you specify. If you use it properly, however, it is much safer from attacks than seccheck. Tripwire expects that you will generate the initial file database on a known clean system, and then store it on read-only media. This way, a remote attacker can't alter your database to cover his/her tracks. -tara