[rescue] SGI fw_sshd and security

Dave McGuire mcguire at neurotica.com
Mon Mar 8 13:32:40 CST 2004

On Mar 8, 2004, at 12:45 PM, Kevin Loch wrote:
>>> Your Tripwire database, executable binary and tw.config file are
>>> supposed to be located on read only media.  An attacker could
>>> edit the cron process, that runs Tripwire automatically, to run a
>>> hacked version, but that would still fail with manual audits
>>> which should be done at least once a week.
>>   Yes, supposed to be...but who actually does that?
> People who don't spend enough time auditing their firewall
> config.

   Yes. :)  But it's not a perfect world.  I remember my biggest 
complaint about moving to SCSI disks from SMD and IPI about eleven 
years ago: no write-protect buttons.


Dave McGuire                      "My tummy hurts now, but my soul
Cape Coral, FL                   feels a little better."     -Ed

More information about the rescue mailing list