Tripwire signatures

From: Chris Purcell (redhat_at_cjp.us)
Date: 06/30/04

    Date: Wed, 30 Jun 2004 10:09:34 -0400 (EDT)
    To: <redhat-list@redhat.com>
    
    

    I have a RH73 server that runs Tripwire on a nightly basis. I wrote a
    short Perl script that checks the signatures of the Tripwire binaries
    (twadmin, tripwire, and siggen) against their signatures that are stored
    on a read-only medium. These signatures were created when Tripwire was
    first installed a year ago. The server was up and running flawlessly for
    over 300 days until the other day when it crashed with nothing in the logs
    to show what happened. The next night I accidentally had yum updates
    started so it did a yum update and updated over 3500 files. It didn't
    touch the tripwire files, but for some reason the signatures on the
    Tripwire binaries changed. The files haven't been modified since 2002,
    according to the output of 'ls -l'. What would cause the signatures to
    change besides a hacker trying to cover up his tracks?

    Thanks,
    Chris

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
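
The kind of check described in the message above, as an added example that is not part of the original post and is not the poster's Perl script: it compares a file against a stored baseline and, on a hash mismatch, reports whether the mtime shown by 'ls -l' was nevertheless left unchanged. The baseline layout (SHA-256, size, mtime), the function names and the sample file are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash the file contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(path):
    """One baseline entry, as it would be kept on the read-only medium."""
    st = os.stat(path)
    return {"sha256": sha256_file(path), "size": st.st_size,
            "mtime_ns": st.st_mtime_ns}

def check(path, base):
    """Compare a file with its baseline entry and return a finding."""
    if not os.path.exists(path):
        return {"path": path, "status": "MISSING"}
    now = snapshot(path)
    if now["sha256"] == base["sha256"]:
        return {"path": path, "status": "OK"}
    return {
        "path": path,
        "status": "CHANGED",
        # mtime is what 'ls -l' prints; it can be set back with utime(2),
        # so an unchanged mtime says nothing about the contents.
        "mtime_preserved": now["mtime_ns"] == base["mtime_ns"],
        "size_changed": now["size"] != base["size"],
        # ctime ('ls -lc') is updated by the kernel on writes and on
        # metadata changes, and cannot be set through utime(2).
        "ctime": int(os.stat(path).st_ctime),
    }

def demo():
    """Constructed case: rewrite a file, then restore its 2002 mtime."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "siggen")  # constructed stand-in, not a real binary
        with open(p, "wb") as f:
            f.write(b"original contents")
        os.utime(p, ns=(1025000000 * 10**9, 1025000000 * 10**9))
        base = snapshot(p)
        with open(p, "wb") as f:
            f.write(b"modified contents")
        os.utime(p, ns=(base["mtime_ns"], base["mtime_ns"]))
        return check(p, base)

if __name__ == "__main__":
    print(demo())
```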
    
