[rescue] SGI fw_sshd and security

Kevin Loch kloch at gurunet.net
Mon Mar 8 11:45:13 CST 2004

Dave McGuire wrote:
> On Mar 8, 2004, at 9:28 AM, Kevin wrote:
>> Your Tripwire database, executable binary and tw.config file are
>> supposed to be located on read only media.  An attacker could
>> edit the cron process, that runs Tripwire automatically, to run a
>> hacked version, but that would still fail with manual audits
>> which should be done at least once a week.
>   Yes, supposed to be...but who actually does that?

People who don't spend enough time auditing their firewall


More information about the rescue mailing list