RE: can tripwire be used for sensor integrity???

["Rob Shein" <shoten () starpower net>]

Keep one thing in mind; tripwire does not detect LKM trojans or tampering.
There are tools to deal with this; fnord was the first, I believe, but may
be too narrowly-designed for mass consumption, if I correctly remember what
the creators said at BlackHats '01. Still, they clearly delineate the nature
of kernel integrity protection.

http://www.synacklabs.net/projects/fnord/

> -----Original Message-----
> From: Gaurav_Jindal [mailto:gaurav_jindal () da-iict org] 
> Sent: Sunday, February 01, 2004 11:28 AM
> To: focus-ids () securityfocus com
> Subject: can tripwire be used for sensor integrity??? 
>
>
>
> I got to know that tripwire coudl work to find out the 
> integrity , can 
> it be used for integrity of sensors.
> As what I read from tripwire that
>
> Tripwire creates a 'secure' (normally kept on a read-only 
> disk/diskette 
> along w/ the tripwire executable) database of file and directory 
> attributes (including, if you want, complex MD5 and snefru 
> signatures) 
> which then can be used to compare against to see if a file or 
> directory 
> has changed somehow. If a cracker has broken in and replaced 
> your /bin/date file w/ a trojan horse version, tripwire will let you 
> know.
>
> do let me know is someone has used some kind of stuff like 
> this for ids 
> sensors  to find attack in distributed environment?..
>
> Thanking you,
> With Regards,
> Gaurav Jindal
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------


---------------------------------------------------------------------------
---------------------------------------------------------------------------