Re: [Integrit-users] Implementation strategy...
From: <eri...@pr...> - 2002-02-25 05:41:06
On 23 Feb 2002, Ed L Cashin wrote:
> <eri...@pr...> writes:
> > 1. Is there any way to prevent prying eyes from viewing integrit's
> > configuration file [besides filesystem permissions]? (e.g., Tripwire
> > encodes its configuration files - But I don't know how that would
> > work with cron-jobs...) Or, is it nonsense to think that if
> > filesystem permissions are not enough. i.e., If an intruder has
> > gained root access and can thereby read the config file, it's
> > already too late because intruder can then just remove the cron job.
>
> No, integrit provides no feature for preventing root from viewing
> configuration files or database files. I think you're right that this
> feature would not be very useful.

I was thinking that creating a passphrase-encrypted config file would help slow-down intruders... But I suppose that setting the config file's permissions as `400` would be effective enough.

> > 2. Where does "human-readable output" come-from/go-to when integrit is run
> > by a cron-job?
>
> It goes to standard output, which must be piped to somewhere else as
> safely as your circumstances merit. For example, for simple
> script-kiddie detection it would be sufficient to simply pipe the
> output to something like sendmail.

So just piping the output to /bin/sendmail will send the human-readable output (including md5 checksum) to an e-mail address?

e.g., integrit -c -C /mnt/cdrom/integrit.conf | sendmail fo...@ba....

--
Eric P.
Los Gatos, CA
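An added example (not from this thread or from the integrit project) of a cron wrapper around the command discussed above: it refuses to run unless the config file is mode 400, adds To and Subject headers so the report arrives as a well-formed message, and records integrit's exit status, which a bare `integrit ... | sendmail` pipeline discards. The function and variable names, the `--run` argument and the `root` default recipient are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for "integrit -c -C conf | sendmail addr".
# CONF, RCPT, the function names and the --run argument are assumptions.
CONF="${CONF:-/mnt/cdrom/integrit.conf}"
RCPT="${RCPT:-root}"

# Succeed only if the path is a regular file whose mode is exactly 400
# (read-only for the owner, nothing for group or other).
conf_mode_ok() {
    perms=$(ls -ld "$1" 2>/dev/null) || return 1
    case "$perms" in
        -r--------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Read report text on stdin and emit headers, a blank line, then the body.
mail_message() {
    printf 'To: %s\nSubject: integrit report for %s\n\n' "$1" "$2"
    cat
}

# Run the check, keep integrit's exit status, and mail the whole report.
run_check() {
    conf_mode_ok "$CONF" || {
        echo "refusing to run: $CONF is not mode 400" >&2
        return 2
    }
    status=0
    report=$(integrit -c -C "$CONF" 2>&1) || status=$?
    # In a plain pipeline the shell reports only sendmail's status,
    # so append integrit's own status to the body before mailing.
    printf '%s\nintegrit exit status: %s\n' "$report" "$status" |
        mail_message "$RCPT" "$(uname -n)" |
        sendmail "$RCPT"
}

# Cron calls the script with --run; sourcing it only defines the functions.
if [ "${1:-}" = "--run" ]; then
    run_check
fi
```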