Re: OS binaries integrity check

From: jeff barratt-mccartney (jbarratt@COMPSAT.COM)
Date: Fri Feb 13 2004 - 22:14:01 EST


Gustavo,
If your goal is to check (for trojan horses, etc.) every binary every time it
is launched, it is my understanding that you HAVE to use TCB. I may be wrong
here. Can anyone correct me? TCB (Trusted Computing Base?) is very stringent
and works every time. It is also not an 'upgradable feature'; you need to
select it at install time. To move to TCB I believe you can just back up your
existing environment, reinstall selecting TCB at install time, and lay down
your applications, etc. My understanding is that TCB is foolproof; I know
from the one time I used it that it was also a PITA. Maybe this observation
was my inexperience at the time.
Tripwire is 1. not free (open source) and 2. not foolproof.
I have to ask the question... what problem or perceived problem are you
trying to solve? If your concern is trojan horses set up by other root
users, then you need to severely limit root access. If your concern is
trojan horses created by non-root users, then I suggest you investigate some
simple security precautions (sudo) that are not addressed by default AIX
installs. A good primer on the subject is quickly found on Google if you
search for "bastion aix". If you are simply interested in making sure the
binaries jive, lppcheck will do the job, assuming lppcheck hasn't been
compromised.

IMHO the AIX community has turned a blind eye to security. There are a
considerable number of holes in AIX, and I am surprised by the lack of
communication on this listserv on this subject.
I am not playing the high and mighty here, nor am I preaching to the choir,
certainly some of the posters and lurkers here have some opinions.

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
Fette, Gustavo
Sent: Friday, February 13, 2004 3:10 PM
To: aix-l@Princeton.EDU
Subject: Re: OS binaries integrity check

Well, I didn't find TCB either on my server or on the web.

But I found the Tripwire installation tutorial at IBM, but I got compilation
errors, so I don't know if any of you guys have it compiled for 4.3 and
5.1?

I've found fcheck and one other piece of software, but I still have to compile or
configure them...

Regards,
Gustavo.-

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of Bill
Verzal
Sent: Friday, February 13, 2004 4:24 PM
To: aix-l@Princeton.EDU
Subject: Re: OS binaries integrity check

You install it with the OS. If it is not there now, you can't use it.

BV
--------------------------------------------------------

"If everything is coming your way, then you are in the wrong lane"

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

From: "Fette, Gustavo" <gustavo.fette@EDS.COM>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
Date: 02/13/2004 12:59 PM
To: aix-l@Princeton.EDU
Subject: Re: OS binaries integrity check
Please respond to: IBM AIX Discussion List <aix-l@Princeton.EDU>

And where can I get it?

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of Bill
Verzal
Sent: Friday, February 13, 2004 3:51 PM
To: aix-l@Princeton.EDU
Subject: Re: OS binaries integrity check

TCB
--------------------------------------------------------

"If everything is coming your way, then you are in the wrong lane"

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

From: "Fette, Gustavo" <gustavo.fette@EDS.COM>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
Date: 02/13/2004 12:38 PM
To: aix-l@Princeton.EDU
Subject: OS binaries integrity check
Please respond to: IBM AIX Discussion List <aix-l@Princeton.EDU>

Hello:

Does anyone know about a free tool to check the integrity of
the binaries of my system?

I mean, some kind of tool that, run against i.e. ls, shutdown, etc., gives me a
hash that I can keep to compare with a new hash, i.e. every month...

Thanks in advance.

Regards,

Gustavo Fette
MMH - GOSD
EDS Argentina
Arias 1851 - Buenos Aires
Phone: +54 11 4704-3403
Mobile: +54 9 11 5110-2325
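
The hash-and-compare check asked about in the original question, as an added example that is not part of the thread and not code from any poster. It assumes Python 3 is available on the host; the script name and baseline file name are hypothetical. Given the caveat above about a compromised checker, keep the baseline and the script on read-only or offline media.

```python
import hashlib, json, os, stat, sys

FIELDS = ("sha256", "mode", "uid", "gid")

def list_files(dirs):
    """Yield every path under the given directories."""
    for d in dirs:
        for root, _, names in os.walk(d):
            for name in names:
                yield os.path.join(root, name)

def snapshot(paths):
    """Map each regular file to its SHA-256, permission bits and owner."""
    result = {}
    for path in paths:
        st = os.lstat(path)              # lstat: do not follow symlinks
        if not stat.S_ISREG(st.st_mode):
            continue
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                digest.update(chunk)
        result[path] = {"sha256": digest.hexdigest(),
                        "mode": oct(stat.S_IMODE(st.st_mode)),  # includes setuid/setgid
                        "uid": st.st_uid, "gid": st.st_gid}
    return result

def compare(baseline, current):
    """Return (finding, path) pairs for every difference from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if new is None:
            findings.append(("missing", path))
        elif old is None:
            findings.append(("added", path))
        else:
            findings += [(f + " changed", path) for f in FIELDS if old[f] != new[f]]
    return findings

if __name__ == "__main__":
    # Usage (hypothetical script name): check.py baseline|verify BASELINE.json DIR [DIR ...]
    action, db, dirs = sys.argv[1], sys.argv[2], sys.argv[3:]
    current = snapshot(list_files(dirs))
    if action == "baseline":
        with open(db, "w") as f:
            json.dump(current, f, indent=1)
    else:
        with open(db) as f:
            findings = compare(json.load(f), current)
        for finding, path in findings:
            print(f"{finding}: {path}")
        sys.exit(1 if findings else 0)
```

A non-zero exit from `verify` makes it usable from a monthly cron job; ownership and mode are compared as well as the hash because a changed setuid bit leaves the hash untouched.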



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:36 EDT