Is this security check a SuSE version of Tripwire? Any comparison between the two programs?

-----Original Message-----
From: Togan Muftuoglu [mailto:toganm@users.sourceforge.net]
Sent: Friday, May 04, 2001 2:34 PM
To: Jon Roig
Cc: suse-linux-e@suse.com
Subject: Re: [SLE] How do I restart security check...

Jon Roig wrote:
> For awhile, I had a nice little security check that would run nightly/weekly/monthly and give me updates on what files had changed...
> ... but then I did something, and killed it. :(

rpm -Uhv seccheck.rpm

--
Togan Muftuoglu
On Tue, May 08, 2001 at 08:59:29AM -0500, Vetter, Gary H. wrote:
> Is this security check a SuSE version of Tripwire? Any comparison between the two programs?
No. The SuSE seccheck runs a bunch of scripts that look for changed devices, newly loaded or removed modules, bad passwords, etc. It keeps its info in a directory on disk; if a cracker gains root access to your system, he/she can modify this info to cover his/her tracks.

Tripwire is merely a filesystem comparison tool. It checks changes in contents, properties, and sizes of the files you specify. If you use it properly, however, it is much safer from attacks than seccheck. Tripwire expects that you will generate the initial file database on a known clean system, and then store it on read-only media. This way, a remote attacker can't alter your database to cover his/her tracks.

-tara
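
The difference described in the reply above, as an added Python sketch that is not part of the original thread and is not Tripwire's or seccheck's code: the same comparison of contents, size and permissions is run against a database left on the monitored host and against a copy kept offline. The file name, its contents and all function names are constructed for the example.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(paths):
    """Record content hash, size and permission bits for each file."""
    db = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        db[p] = {"sha256": digest, "size": st.st_size,
                 "mode": stat.S_IMODE(st.st_mode)}
    return db

def compare(baseline, paths):
    """Return {path: [changed attributes]} relative to the baseline."""
    every = sorted(set(baseline) | set(paths))
    current = snapshot([p for p in every if os.path.isfile(p)])
    report = {}
    for p in every:
        if p not in current:
            report[p] = ["missing"]
        elif p not in baseline:
            report[p] = ["added"]
        else:
            diff = [k for k in baseline[p] if baseline[p][k] != current[p][k]]
            if diff:
                report[p] = diff
    return report

def demo():
    d = tempfile.mkdtemp()
    target = os.path.join(d, "login")  # constructed stand-in for a system file
    with open(target, "wb") as f:
        f.write(b"original binary")
    os.chmod(target, 0o755)
    offline = snapshot([target])       # baseline copied to read-only media
    # Simulated intrusion: the file changes, and the database that lives on
    # the same host is regenerated by whoever has root there.
    with open(target, "wb") as f:
        f.write(b"trojaned binary!!")
    os.chmod(target, 0o700)
    on_disk = snapshot([target])
    return compare(on_disk, [target]), compare(offline, [target])

if __name__ == "__main__":
    print(demo())
```

The first report is empty because the on-host database was rewritten along with the file; the second, checked against the offline copy, lists every changed attribute.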
participants (2): Tara L Andrews; Vetter, Gary H.