similar to: Different Forms of attack...

-=> To moderator: I don't know whether it's wise to release the FTP-location I would recommend everyone to just look over their daemons, and run something like nessus against theirselves... Greetings, Jan-Philip Velders ---------- Forwarded message ---------- Date: Thu, 25 Mar 1999 16:26:59 -0700 From: "Ben Cantrick (Macky Stingray)" <mackys@MACKY.RONIN.NET> To:

I''d like to hear some suggestions about securely administering a system remotely. Here''s the application: a project is going to scatter some server machines around the US. The server machines will be running Linux, with the only network servers being a custom application. Ignoring the separate question of physical security, how can I remotely check the system''s

Does anybody use tripwire on centos 5? Has anybody checked that: http://www.linickx.com/archives/281/tripwire-2411-rpm-for-centos-redhat-rhel-4 on centos5? M. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL:

I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't

I am trying to write a module for tripwire. I need to push out the twcfg.txt and twpol.txt files only if the tw.cfg and tw.pol files do not currently exist. How can do I this with File{}? I''m can''t seem to find a way to do it. In general times, how can you deploy file A only when file B does not exist? And... tripwire... what a mess. I am trying to use push out the site key,

Hi all, I have two prodction servers with FreeBSD 5.4 (all security patches are applied). They running some services like dns, ssh, http, ftp, etc. But I woukd like to encrypt some services for some hosts with ipsec when it is accessed. For example: - DNS resolution: not encrypted. - DNS replication master-slave: encrypted by ipsec. - Telnet: encrypted by ipsec for some hosts. Deny

I'm trying to run tripwire on a RHEL 5.4 box. I'm new to it. I'm getting errors: The object: "/ora" is on a different file system...ignoring. For one thing, it's not a different file system. It's not any different than the root partition, that tripwire will monitor. And I want tripwire to monitor it. I've been googling around, and have seen this error in

Hi, I'm running some databases's software on a CentOS 4.5 server and I'd like to know if there are any audit software in CentOS4.5 CDs packages?.....I need some software to audit all the files on the server, I mean, if some one delete a file, or change some permissions on any filesystems, if someone copy files to my server and some of this stuff... take in mind I'm not lookign for

Hi, I literally have about 36 machines running CentOS on a private network, and will probably change the remaining 30 or so away from Whitebox or RH in the near term. One thing I just noticed was when I tried to search out Tripwire RPM's, that none seemed evident. Can anyone point me in the direction of an Tripwire RPM that works with CentOS 4.3, or advise me on how to create one from the

I am looking for a location where I can get tripwire to install and update via YUM. I know this is not the most secure thing but with the amount of machines that I have, I have not other choice. So far I have found http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ Does anyone know one for CentOS? Thanks ---------------------------------------------------------------------- This mail

Hello, when one has physical access to a computer, he can run something like tripwire, with keys and checksum on a separate, write-only media, to verify the integrity of the system. What if the system is a remote one (in my case Centos 4.3 on a User Mode Linux VPS some hundred of KMs from here)? Does it still make sense to run tripwire remotely? If yes, how, since you cannot plug a floppy or

Is there a redhat or contrib RPM for tripwire? I looked and didn't find one, but may not have been looking in the right place. Zebee

Actually I just looked at my RH 5.2 dist and it looks as if Tripwire 1.3 is shipped with it.

Hello all, Years ago, I used to work with tripwire for system monitoring. Last time I checked with "yum search tripwire", there is no hit. IIRC, it used to be packed by default on older Redhat distros. Any suggestion for an alternative of tripwire for my CentOS 5.6? Cheers, -- ********************************************************************** Viet Nhat General Joint Stock

Hi folks, on CentOS 6.5 I run tripwire software which verifies data integrity. My system is automatically updated by yum (as far as I understand the /etc/cron.daily/0yum.cron is responsible for the regular system updates). After a system update I'm then notified by tripwire about the changes on the file system. By browsing those tripwire reports I found that there are files which did

Hi all. This might seem really naive, but can mtree be used effectively as a native-to-core-OS tripwire equivalent? Would it be as efficient in terms of time-to-run and resource requirements? What sort of pitfalls should I be aware of? Has anyone here done this? If so, would you care to share your scripts/techniques? Thanks, Dave -- ______________________

Hi all, I need to install an anti-rootkid in a lot of servers. I know that there're several options: tripwire, aide, chkrootkit... ?What do you prefer? Obviously, I have to define my needs: - easy setup and configuration - actively developed -- Thanks, Jordi Espasa Clofent

As halflife demonstrated in Phrack 50 with his linspy project, it is trivial to patch any system call under Linux from within a module. This means that once your system has been compromised at the root level, it is possible for an intruder to hide completely _without_ modifying any binaries or leaving any visible backdoors behind. Because such tools are likely to be in use within the hacker

Hi. We have a configuration and audit application called Tripwire Enterprise (7.5) that is running on a Red Enterprise Linux 5.2 server. On this server, we are using winbind (samba version 3.0.33) for authentication (against Windows AD). When we try to run a configuration check on users and permissions we get an error that there is a problematic frame : C [libnss_winbind.so.2+0x129f] . I

I am trying to get tripwire 1.2 patch level 2 on Redhat 6.2 to run out of cron and so far have failed miserably. It runs fine from the command line so I know my configuration is ok, but when it runs from cron it gets to Phase 3 and simply exits. It doesn''t generate any error messages or leave any core files laying around.