From: Patrick B. O'Brien (pobrien@DOIT.NV.GOV)
Date: Fri Dec 05 2003 - 19:22:00 EST
I like the tripwire idea.
Thank you!!
-----Original Message-----
From: Adams Kevin J [mailto:kevin.adams@PHS.COM]
Sent: Friday, December 05, 2003 4:06 PM
To: aix-l@Princeton.EDU
Subject: Re: MD5 Script
Patrick,
One suggestion is to run a hash against all the files in the TCB which sysck
would report against: /etc/security/sysck.cfg.
You can use tripwire off the BULL or UCLA site and it uses several or any
combination of hashes.
It maintains it's own database and has several levels of reporting.
It does md5 (signature1) and it accomplishes what you are trying to do.
There is a supported more robust commercial version too if you really like
it and have a budget.
Kevin Adams
PacifiCare Behavioral Health
Principal Systems Analyst
AIX CATE
-----Original Message-----
From: Patrick B. O'Brien [mailto:pobrien@DOIT.NV.GOV]
Sent: Friday, December 05, 2003 2:49 PM
To: aix-l@Princeton.EDU
Subject: [aix-l] MD5 Script
I have md5 and I can run it against any file. But what is the protocol?
Should I do an MD5 check on most of the rootvg files? That seems like a big
job, doing an md5 and then diffing that report with the MD5 results from the
day before.
Are people doing MD5 checks out there on a daily basis? How are you doing
it?
TIA!
This electronic message transmission, including any attachments, contains
information from PacifiCare Health Systems Inc. which may be confidential or
privileged. The information is intended to be for the use of the individual or
entity named above. If you are not the intended recipient, be aware that any
disclosure, copying, distribution or use of the contents of this information
is prohibited.
If you have received this electronic transmission in error, please notify the
sender immediately by a "reply to sender only" message and destroy all
electronic and hard copies of the communication, including attachments.
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:23 EDT