Tripwire signatures

I have a RH73 server that runs Tripwire on a nightly basis.   I wrote a
short Perl script that checks the signatures of the Tripwire binaries
(twadmin, tripwire, and siggen) against their signatures that are stored
on a read-only medium.   These signatures were created when Tripwire was
first installed a year ago.  The server was up and running flawlessly for
over 300 days until the other day when it crashed with nothing in the logs
to show what happened.   The next night I accidentally had yum updates
started so it did a yum update and updated over 3500 files.  It didn't
touch the tripwire files, but for some reason the signatures on the
Tripwire binaries changed.   The files haven't been modified since 2002,
according to the output of 'ls -l'.   What would cause the signatures to
change besides a hacker trying to cover up his tracks?

Thanks,
Chris
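
A baseline check of the kind described in the post, as an added example that is not the poster's Perl script: it compares each binary's SHA-256 against a recorded value and, on a mismatch, also reports whether the modification time shown by 'ls -l' still matches the baseline while the inode change time is newer. The function names, the baseline layout, the choice of SHA-256 and the sample file are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_against_baseline(baseline):
    """baseline maps path -> (sha256 hex, mtime recorded at install time).
    Returns one finding per file whose current hash differs from the baseline."""
    findings = []
    for path, (want_hash, want_mtime) in sorted(baseline.items()):
        st = os.stat(path)
        if sha256_of(path) != want_hash:
            findings.append({
                "path": path,
                "hash_changed": True,
                # mtime is what 'ls -l' prints; any owner can set it back with utime()
                "mtime_unchanged": int(st.st_mtime) == int(want_mtime),
                # on Linux, ctime is set by the kernel on every content or inode
                # change and cannot be set back with utime()
                "ctime_after_mtime": st.st_ctime > st.st_mtime,
            })
    return findings

def demo():
    """Constructed scenario: contents are rewritten, then mtime is restored."""
    path = os.path.join(tempfile.mkdtemp(), "siggen")  # constructed sample file
    with open(path, "wb") as f:
        f.write(b"original binary contents")
    old = 1030000000  # constructed timestamp in August 2002
    os.utime(path, (old, old))
    baseline = {path: (sha256_of(path), old)}  # would live on the read-only medium
    with open(path, "wb") as f:
        f.write(b"rewritten binary contents")
    os.utime(path, (old, old))  # 'ls -l' shows 2002 again
    return check_against_baseline(baseline)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A finding with mtime_unchanged and ctime_after_mtime both true means the date in 'ls -l' is not evidence that the file is untouched; 'ls -lc' shows the change time for the same file.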



-- 
redhat-list mailing list