[Integrit-users] Implementation strategy...
From: <eri...@pr...> - 2002-02-24 00:26:51

Hello, All:

I'm new to integrity checking, so please forgive my naivete:

1. Is there any way to prevent prying eyes from viewing integrit's configuration file [besides filesystem permissions]? (e.g., Tripwire encodes its configuration files - but I don't know how that would work with cron-jobs...) Or is it nonsense to think that, if filesystem permissions are not enough? I.e., if an intruder has gained root access and can thereby read the config file, it's already too late because the intruder can then just remove the cron job.

2. Where does "human-readable output" come-from/go-to when integrit is run by a cron-job?

3. When running integrit from /mnt/cdrom as a cron-job (and reading integrit's known database from /mnt/cdrom): Is anything special needed besides configuring `-c /mnt/cdrom/integrit.cdb`? E.g., where will the results of the check go - the file specified in the `current=` parameter of the config file?

4. When running from a cron-job: Where will the md5 hash of the current database go? (So that - when I do finally find the time to review the current .cdb - I know that it hasn't been tampered with.)

--
Eric P.
Los Gatos, CA