Tripwire and prelink

  • Peter Verthez

    What are the thoughts of the people on this list
    about making tripwire prelink-aware?

    As it stands now, the combination of tripwire and
    prelink gives a lot of false positives,
    especially when you do system updates, which
    means that you have to
    1) either disable prelink altogether;
    2) or perform prelink manually after a system
    update, followed by a rebuild of the tripwire
    database (ideally by first disconnecting from
    the net).

    Tripwire could get its MD5 sums via the command
    'prelink --md5 <file>' instead of calculating
    them itself.  In this way it gets the MD5 sum from
    the unmodified binary.

    Would something like this be considered secure
    enough as a new feature for tripwire?
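
The approach proposed in the post above, sketched as an added example (not part of the original message and not Tripwire code): take the digest from prelink when it can verify the file, otherwise hash the bytes on disk. Assumptions: prelink lives at /usr/sbin/prelink, `--md5` is combined with `--verify`, its output starts with the digest, and the name `stable_md5` is hypothetical.

```shell
#!/bin/sh
# Added example: prelink-aware MD5 for an integrity checker.
# Assumption: prelink is pinned to an absolute path so that a modified
# PATH cannot substitute another binary; override with PRELINK=...
PRELINK="${PRELINK:-/usr/sbin/prelink}"

# Print "<md5> <source>" for file $1. <source> is "prelink" (digest of the
# original, un-prelinked content) or "raw" (digest of the bytes on disk).
# usage: stable_md5 /usr/bin/ssh
stable_md5() {
    file=$1
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }

    if [ -x "$PRELINK" ]; then
        # --verify undoes the prelinking and checks that prelinking the
        # result again reproduces the on-disk file; with --md5 it prints
        # the digest of the original instead of its content.
        if out=$("$PRELINK" --verify --md5 "$file" 2>/dev/null); then
            sum=${out%% *}              # first field of the output
            if [ ${#sum} -eq 32 ]; then
                echo "$sum prelink"
                return 0
            fi
        fi
    fi

    # prelink is missing, the file is not an ELF object, or verification
    # failed. Hash the bytes on disk: a file altered after prelinking then
    # fails to match the baseline digest and is reported as changed.
    out=$(md5sum < "$file") || return 1
    echo "${out%% *} raw"
}
```

The digest is only as trustworthy as the prelink binary and the libraries it loads, so those files need to be covered by the integrity database as well.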