Re: aide security?

[Pete Hunt <mail () petehunt co uk>]

At 07:26 25/08/2003 +0200, Janus N." Tøndering wrote:
> Hi,
>
> I am in the process of preparing a new install of Debian for a machine.
> Having installed aide it seems to me that it does not really help
> anything. How am I going to the database trustable? Is there some way to
> cryptographically sign it? Otherwise, an intruder could just as well
> fiddle with the database, right?!

You could save a copy of the database to a floppy / cd.  So long as you 
updated the copy when you made large changes to the system, you'd have a 
trusted database to check against if you suspected interference.

I haven't used aide, but this works with Tripwire (which does roughly the 
same thing).  Tripwire signs the database as well.

HTH

Pete


> Hope you can give me some pointers...
>
> Janus N. Tøndering
>
> --
> Janus N. Tøndering <janus () bananus dk>
>
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> technical IT security event.  Modeled after the famous Black Hat event in
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> Symantec is the Diamond sponsor.  Early-bird registration ends September 
> 6.Visit us: www.blackhat.com
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------