From: Steve W. <ste...@pa...> - 2006-02-18 20:19:08
Eric Langheinrich wrote:
> I am just starting to work with tripwire and have a question about securing
> the check process.
>
> Most of what I have read tells me that I need to store the database on
> read-only media, but I seem to recall reading somewhere that I really only
> need to store the binary, key files, and maybe the configuration/policy file
> on read only media. Obviously, not having to store the database on read-only
> media is advantageous since I can then update the database remotely when
> system changes are performed.
>
> What is the right way to secure tripwire? Does the binary check that the
> database is signed with the proper key when a 'tripwire --check' is
> performed? Do I need to store that database on read-only media?

Ok, so this may not work for everyone, but I may have found the ultimate way to secure tripwire.

We use xen virtualisation. The xen host mounts the virtual machine's filesystem read-only and tripwire running on the host checks the mounted filesystem. The virtual machine has no tripwire installation at all, nothing to be compromised. The host doesn't even need to have an internet-facing network connection (it needs a physical interface, but it doesn't need to listen on it).
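A host-side wrapper of the kind this reply describes, written here as an added example (not Steve's or the tripwire project's code): it mounts the guest's block device read-only on the dom0, refuses to proceed unless the mount really is read-only, runs the check, and can rewrite a guest policy so its paths sit under the mount point. The device, mount point and tripwire file paths are assumptions, as is the guest being paused or the device being a snapshot so the on-disk view is consistent.

```shell
#!/bin/sh
# Added example (not from the original thread). Runs on the Xen host (dom0);
# the guest itself has no tripwire installation, as the reply describes.
# Assumed: guest block device, mount point, and a host-side tripwire
# config/policy written for paths under the mount point.
set -eu

GUEST_DEV="${GUEST_DEV:-/dev/vg0/guest-root}"    # assumption
MNT="${MNT:-/mnt/guest}"                           # assumption
TW_CFG="${TW_CFG:-/etc/tripwire-guest/tw.cfg}"    # assumption
TW_POL="${TW_POL:-/etc/tripwire-guest/tw.pol}"    # assumption

# Succeed only if MOUNTPOINT is listed in MOUNTS_FILE (default /proc/mounts)
# with the 'ro' option; a copy of /proc/mounts can be passed in for testing.
mount_is_ro() {
    mp="$1"; mounts="${2:-/proc/mounts}"
    awk -v mp="$mp" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1 }
        END { if (found) exit 0; exit 1 }' "$mounts"
}

# Rewrite a guest-style policy text so absolute paths (rules "/path -> ..."
# and stop points "!/path") point under PREFIX; variable lines are untouched.
# Usage: prefix_policy "$MNT" < guest-policy.txt > host-policy.txt, then
# twadmin --create-polfile on the result.
prefix_policy() {
    sed -E "s#^([[:space:]]*!?)/#\1$1/#"
}

check_guest() {
    # ro: never write to the guest's disk. noload (ext3/ext4): skip journal
    # replay, which otherwise writes to the device even on a read-only mount.
    # nodev,nosuid,noexec: guest files cannot act as devices or run with
    # privilege on the host. Assumes the guest is paused or GUEST_DEV is a
    # snapshot, so the filesystem image is consistent.
    mount -o ro,noload,nodev,nosuid,noexec "$GUEST_DEV" "$MNT"
    if ! mount_is_ro "$MNT"; then
        umount "$MNT"
        echo "refusing to check: $MNT is not mounted read-only" >&2
        return 1
    fi
    rc=0
    tripwire --check -c "$TW_CFG" -p "$TW_POL" || rc=$?   # non-zero on violations
    umount "$MNT"
    return "$rc"
}

# Only run when invoked as "script --run"; sourcing it just defines functions.
if [ "${1:-}" = "--run" ]; then
    check_guest
fi
```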