#42 Cannot change or expect-script passphrases

ross tyler

There is no mechanism available to change the passhprases used to encrypt the private part of the site or local keys. When the set of administrators that know such passphrases change there should be the ability to change their shared secret (passphrase).

Also, the only way to script tripwrire actions that require passphrases is to supply them on the command line. As such command line content is exposed to unprivileged users (say, via the UNIX ps command), this is not secure. Tripwire does attempt to address this issue by overwriting the command line but this just narrows the window of vulnerability.

A more secure mechanism for passing passphrases to tripwire is to leave them off the command line and have tripwire prompt for them. Using a utility like "expect", this mechanism can be scripted. However, tripwire does not support this well as it flushes its standard input after it prompts for it. A quick response from and expect script may, therefore, be lost. Tripwire should be more expect-friendly by prompting after flushing standard input.