This of course is trivial for an attacker to circumvent, the RPM database is not really protected at all.
Burn it on a CD-R along with your tripwire database as soon as you have installed and configured your system, but before you bring up the network connections or allow anyone to log in on the console. And make sure no hacker can swap the CD-R around for one of his own making after compromising your system... :o)
Cheers! Yuri.
I used to have the plaintext file databases lying around in the system,
hidden a bit so that it isn't obvious that it's a bait. The encrypted file
was somewhere else on the system. A simple diff over the two files
revealed what could have been tempered around with. Came very handy at
times...
Roman.
--
- -
| Roman Drahtmüller