[1849] in SIPB_Linux_Development
Re: suggestion for /etc/athena/inetd.conf
daemon@ATHENA.MIT.EDU (Aaron M. Ucko)
Mon Oct 6 10:47:38 1997
To: James Robertson <jsrobert@MIT.EDU>
Cc: Edwin Foo <efoo@MIT.EDU>, Erik Nygren <nygren@MIT.EDU>,
"Kevin 'Bob' Fu" <fubob@MIT.EDU>, linux-dev@MIT.EDU,
net-defense@MIT.EDU
From: amu@MIT.EDU (Aaron M. Ucko)
Date: 06 Oct 1997 10:47:12 -0400
In-Reply-To: James Robertson's message of "Mon, 06 Oct 1997 02:47:40 EDT"
James Robertson <jsrobert@MIT.EDU> writes:
> If something like Tripwire were easily available to Linux-Athena
> sysadmins, it would be nice to have the hashes (or logs or however it
> records the file changes) for the Linux-Athena system files available
> in some AFS locker. Maybe even the binaries should be in a
> locker. This would improve the sysadmin's confidence that the Tripwire
The Athena binaries are in /afs/sipb/system/i386_linux2/srvd*.
Keeping the Red Hat binaries around probably isn't worth the space.
> logs or binaries hadn't been changed by some system cracker. However,
> making Tripwire available would discourage sysadmins from completely
> reinstalling after a breakin, and this could be considered a bad thing
> since backdoors may still exist. Is this line of thinking too
> paranoid?
Probably...if we provide a disk image (or image set?) with all
relevant software, including AFS stuff, users can use known good
binaries to verify their system files.
--
Aaron M. Ucko <amu@mit.edu> (finger amu@monk.mit.edu) [Stark raving sane]
