[rescue] SGI fw_sshd and security

Kevin kevin at mpcf.com
Mon Mar 8 08:28:05 CST 2004

Your Tripwire database, executable binary and tw.config file are
supposed to be located on read only media.  An attacker could
edit the cron process, that runs Tripwire automatically, to run a
hacked version, but that would still fail with manual audits
which should be done at least once a week.


On Sun, 7 Mar 2004 17:03:09 -0500
Dave McGuire <mcguire at neurotica.com> wrote:
>    Well in that case, something like tripwire would be your
>    friend, but then if the perp could arbitrarily write to
>    root-owned, write-protected files I suppose that'd be
>    useless too.

More information about the rescue mailing list