Hi , Ed Nikhil again :) Can you please give me some more details on tripwire.. Thanks, Nikhil. -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Ed Wilts Sent: Wednesday, December 29, 2004 8:34 PM To: General Red Hat Linux discussion list Subject: Re: monitor remote rpm database On Wed, Dec 29, 2004 at 08:18:41PM +0530, Mulley, Nikhil wrote: > But how it can be spoofed , as I see that no user has write > permissions on /var/lib/rpm Hmmmm. I know you are taking about local > sudo users who can have anything with the system ... but what is the > necessary change that you would suggest at /etc/sudoers file so that > no one except genuine root has write permissions on to these files If you don't trust the users, the sudoers file should not allow the users to get a root shell - they should be restricted to very specific procedures that you have audited to make sure they can't do anything they're not supposed to do. If you're after security auditing, the rpm database is not the right place. If your system has been penetrated and a bad guy has taken over your system, the rpm database is likely one of the priorities for hiding his/her tracks. If you really need a security audit as to what changes have happened on the system, look at something like tripwire instead. If rpm database listings are good enough, then rpm is certainly much simpler to work with. -- Ed Wilts, RHCE Mounds View, MN, USA mailto:ewilts@xxxxxxxxxx Member #1, Red Hat Community Ambassador Program -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
