Says Magnus Hedemark:
>Omri Schwarz [mailto:ocschwar at MIT.EDU] said:
>
>> Hi, all, I'm wondering if this was done yet, or if the script
>> needs to be written, one that will check incoming .hdr files to
>> know which files on a system are about to be over-written for a
>> Yum update, and then tells Tripwire to update those files and
>> those files only.

>Doesn't it kind of defeat the security of tripwire to automate database
>updates?

It already defeats the security of tripwire to use yum at all, because
after a yum update tripwire finds all these files to complain about,
and one becomes too lazy to make sure all of them came from the update.

>Scenario: Cracker gets in, modifies your /etc/yum.conf to point to his own
>repository, downloads a root kit in RPM form, and you never know about it
>because tripwire did what I think you're describing here.

Not doable when yum's logs are gathered remotely, and can be cross-checked
against the logs of fellow Linux machines, and against the header
files available from every yummified Redhat/Fedora/[your distro here]
mirror on the net.

(I'm subbed now, so other messages will be properly threaded, please
pardon the annoyance.)
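
An added illustration of the cross-check discussed in this message; it is not part of the original post and is not code from yum or Tripwire. The function name, package names, paths and digests are hypothetical, constructed sample data, and it assumes a file manifest has already been built from headers fetched from an independent mirror.

```python
"""Added example: sort integrity-checker findings after a package update."""
import hashlib

def digest(data: bytes) -> str:
    # SHA-256 is an assumption of this example, standing in for whatever
    # per-file digest the package headers actually carry.
    return hashlib.sha256(data).hexdigest()

def classify(changed, logged_pkgs, mirror_manifest):
    """changed: {path: digest now on disk}, from the integrity report.
    logged_pkgs: package names from the remotely collected update log.
    mirror_manifest: {package: {path: digest}} built from mirror headers.
    Returns (verdicts per path, logged packages no mirror knows)."""
    # A package in the log that no mirror carries is the rogue-repository case.
    unverifiable = sorted(p for p in logged_pkgs if p not in mirror_manifest)
    # Expected digest for every path owned by a logged, mirror-known package.
    expected = {}
    for pkg in logged_pkgs:
        for path, dig in mirror_manifest.get(pkg, {}).items():
            expected[path] = dig
    verdicts = {}
    for path, on_disk in changed.items():
        if path not in expected:
            verdicts[path] = "unexplained"   # no logged update owns this file
        elif expected[path] == on_disk:
            verdicts[path] = "accept"        # only these are database-update candidates
        else:
            verdicts[path] = "mismatch"      # owned by an update, wrong content
    return verdicts, unverifiable

# Constructed sample data (not taken from any real system).
GOOD_LS = digest(b"ls as shipped in pkg-a-1.0-1")
SAMPLE_MANIFEST = {"pkg-a-1.0-1": {"/bin/ls": GOOD_LS,
                                   "/bin/cat": digest(b"cat as shipped")}}
SAMPLE_LOG = {"pkg-a-1.0-1", "pkg-x-9.9-9"}
SAMPLE_CHANGED = {"/bin/ls": GOOD_LS,
                  "/bin/cat": digest(b"different bytes on disk"),
                  "/usr/sbin/sshd": digest(b"changed, owner unknown")}

if __name__ == "__main__":
    verdicts, unverifiable = classify(SAMPLE_CHANGED, SAMPLE_LOG, SAMPLE_MANIFEST)
    for path in sorted(verdicts):
        print(f"{verdicts[path]:12} {path}")
    print("logged but not on any mirror:", unverifiable)
```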