[rescue] SGI fw_sshd and security

[Kevin]

Your Tripwire database, executable binary and tw.config file are
supposed to be located on read only media.  An attacker could
edit the cron process, that runs Tripwire automatically, to run a
hacked version, but that would still fail with manual audits
which should be done at least once a week.

/KRM

On Sun, 7 Mar 2004 17:03:09 -0500
Dave McGuire <mcguire at neurotica.com> wrote:
> 
>    Well in that case, something like tripwire would be your
>    friend, but then if the perp could arbitrarily write to
>    root-owned, write-protected files I suppose that'd be
>    useless too.