[rescue] SGI fw_sshd and security
Dave McGuire
mcguire at neurotica.com
Mon Mar 8 13:32:40 CST 2004
On Mar 8, 2004, at 12:45 PM, Kevin Loch wrote:
>>> Your Tripwire database, executable binary and tw.config file are
>>> supposed to be located on read only media. An attacker could
>>> edit the cron process, that runs Tripwire automatically, to run a
>>> hacked version, but that would still fail with manual audits
>>> which should be done at least once a week.
>> Yes, supposed to be...but who actually does that?
>
> People who don't spend enough time auditing their firewall
> config.
Yes. :) But it's not a perfect world. I remember my biggest
complaint about moving to SCSI disks from SMD and IPI about eleven
years ago: no write-protect buttons.
-Dave
--
Dave McGuire "My tummy hurts now, but my soul
Cape Coral, FL feels a little better." -Ed
More information about the rescue
mailing list