
# correctly set.):
@@ifhost babyboy.mamabear.org || babygirl.mamabear.org
@@define TEMPLATE_S N
@@else
@@define TEMPLATE_S E
@@endif
/var/Honeypot @@TEMPLATE_S
# Naturally only relevant for "Bear cubs"!
# The content can also be structured with "@@define". Complex configuration
# files can be made much more clear with this:
@@define private E
@@define critical R-12+78
@@define secret N-a
/home/Helga @@private
/home/Axel @@private
/root @@critical
/sbin @@critical
/etc/inetd.conf @@critical
/etc/hosts.allow @@critical
/root/banking-details @@secret
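
How the @@ifhost and @@define directives in the listing above resolve on different machines, as an added example that is not part of the original article and not Tripwire's own code. It models only the directives shown in the listing; the hostname papabear.mamabear.org and the function names are constructed for illustration.

```python
# Added illustration: simplified model of the tw.config preprocessor, covering
# only @@ifhost (with "||"), @@else, @@endif, @@define and @@NAME substitution.
import re

# Constructed sample, condensed from the listing above.
SAMPLE = """\
@@ifhost babyboy.mamabear.org || babygirl.mamabear.org
@@define TEMPLATE_S N
@@else
@@define TEMPLATE_S E
@@endif
/var/Honeypot @@TEMPLATE_S
@@define critical R-12+78
/etc/inetd.conf @@critical
"""

def preprocess(text, hostname):
    """Return the (path, mask) entries that `hostname` would end up checking."""
    defines, entries = {}, []
    stack = []                      # one bool per open @@ifhost: branch active?
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue                # blank line or comment
        head = words[0]
        if head == "@@ifhost":
            stack.append(hostname in [w for w in words[1:] if w != "||"])
        elif head == "@@else":
            stack[-1] = not stack[-1]
        elif head == "@@endif":
            stack.pop()
        elif not all(stack):
            continue                # inside a branch that does not apply
        elif head == "@@define":
            defines[words[1]] = words[2]
        else:
            mask = words[1] if len(words) > 1 else ""
            mask = re.sub(r"@@(\w+)", lambda m: defines[m.group(1)], mask)
            entries.append((head, mask))
    return entries

def host_dependent(text, hosts):
    """Paths whose resolved mask differs between hosts (worth a review)."""
    per_host = {h: dict(preprocess(text, h)) for h in hosts}
    paths = sorted(set().union(*per_host.values()))
    return {p: {h: per_host[h].get(p) for h in hosts} for p in paths
            if len({per_host[h].get(p) for h in hosts}) > 1}
```

Running `host_dependent` over a shared tw.config lists every object whose level of checking depends on the host name the machine reports, which is the dependency the article warns about for centrally held configuration files.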
62 LINUX MAGAZINE 6 · 2001
TRIPWIRE KNOW-HOW
owner which are to be scanned, this should be displayed by "+ug-pinsamc123456789" or "-pinsamc123456789". In the manpage of tw.config a corresponding indication has simply been omitted.

For users who are less obsessed with detail Tripwire provides pre-defined selection masks, so-called templates. Table 3 contains these standard cases. And combinations of templates and select-flags such as "N-a" or "E+7" are permitted.

So the cryptic-looking character strings are markedly simplified with a template; our example "User and group identification" is thus reduced to "E+ug". The selection mask can also be left out completely. Then the standard template "R" for "read-only" comes into play. But beware: the important access-timestamp is thereby excluded from the check!

The optimal combination of individual elements is produced from the function of the respective object and the general requirement for system security.

The resource use can, despite deliberate optimisation of the source code, turn out to be critically high. Assembler inlays were out of the question in Tripwire on grounds of portability. If Tripwire is running as a background process, this does not usually matter; on computers with sparse resources, though, it becomes a burden.

In this case the optimisation has to be weighed against less computing-intensive signature algorithms. I would recommend replacing the (now out of date) template "R" by a self-defined selection mask. A good compromise with respect to security and data throughput is "R-12+8".

A central configuration file on the Net

Professional users evaluated the feature of using just one configuration file on several computers of varying architecture at the same time. Tripwire has a single-stage preprocessor for this purpose, which interprets special keywords such as @@include, @@ifhost and @@define.

This effectively alleviates the use of Tripwire in large heterogeneous environments. In such a network for example it is conceivable that the configuration file could be reserved for a single computer and available to the other computers only on request.

Existing configuration files could be merged into a single one, with the respectively valid variants then being determined by the enquiring computer at run time. In corporate networks with ten or more computers this saves a lot of work for the administrator! Of course, this only makes sense if there can be no manipulation of the environmental variables of the enquiring computer!

An example clarifies the grey theory

Enough abstraction! Figure 3 shows a (made-up) example for tw.config, which presents, for better understanding, selected elements from the fund of the options sketched in this article.

I hope this little introduction to configuration may have sparked some interest in the inner life of the Filesystem Integrity Checker. The next in the series will have the same ambition: it offers a fascinating look into the unfathomable depths of the signature function. Also, interesting new features in Version 2.2.1 will be presented.

Info

[1] The ext2 filesystem overview: http://ftp.iis.com.br/pub/Linux/system/filesystem/ext2/Ext2fs-overview-0.1.ps.gz
[2] Snefru and accessories (Xerox): ftp://arisia.xerox.com/pub/hash
[3] National Institute of Standards and Technology: http://www.first.org
[4] Tripwire site of NASA: http://lheawww.gsfc.nasa.gov/~srr/tripwire.html
[5] Yuliang Zheng's Homepage: http://www.stcloudstate.edu/~bulletin/ee/index.html

Table 3: The templates of the ASR

Template        Definition              Application
R               +pinugsm12-ac3456789    (R)ead-only: files which although generally accessible, can only be read (Standard)
L               +pinug-sacm123456789    (L)og file: User directories and files which are subject to constant modification
N               +pinugsamc123456789     ignore (N)othing: Full program. This selection mask is also ideal as a starting point for users' own definitions
E               -pinugsamc123456789     ignore (E)verything: For inventory. Only added or deleted objects are shown
>               +pinug-samc123456789    growing file: files which constantly grow in size but are not allowed to shrink
Device (2.2.1)  +pugsdr-intlbamcCMSH    Files which Tripwire must not open in the integrity test (these include all device files)
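
The way a selection mask such as "R-12+8" or "E+ug" resolves against the templates of Table 3, as an added example that is not part of the original article and not Tripwire's own code. The template definitions are copied from Table 3 (the 2.2.1 Device template uses a different flag alphabet and is left out); the function names are constructed, and the rule that a mask without a template letter starts from "R" is an assumption drawn from the two equivalent spellings given in the text.

```python
# Added illustration: expand a tw.config selection mask into the attributes
# that are actually checked. Simplified model, not Tripwire's own parser.
FLAGS = "pinugsamc123456789"

def parse_flags(spec, base=frozenset()):
    """Apply a +/- flag string such as '+pinugsm12-ac3456789' to a base set."""
    checked, sign = set(base), "+"
    for ch in spec:
        if ch in "+-":
            sign = ch
        elif ch in FLAGS:
            (checked.add if sign == "+" else checked.discard)(ch)
        else:
            raise ValueError(f"unknown select-flag {ch!r} in {spec!r}")
    return checked

# Definitions as printed in Table 3.
TEMPLATES = {name: parse_flags(definition) for name, definition in {
    "R": "+pinugsm12-ac3456789",
    "L": "+pinug-sacm123456789",
    "N": "+pinugsamc123456789",
    "E": "-pinugsamc123456789",
    ">": "+pinug-samc123456789",
}.items()}

def expand(mask=""):
    """Return the set of attributes checked for 'R-12+8', 'E+ug', '' ..."""
    if mask[:1] in TEMPLATES:
        base, rest = TEMPLATES[mask[0]], mask[1:]
    else:
        base, rest = TEMPLATES["R"], mask   # assumption: no template means R
    if rest and rest[0] not in "+-":
        raise ValueError(f"modifier must start with + or -: {mask!r}")
    return parse_flags(rest, base)

def show(mask):
    """Checked attributes as a string in the canonical flag order."""
    return "".join(c for c in FLAGS if c in expand(mask))

if __name__ == "__main__":
    for m in ["", "R-12+8", "R-12+78", "E+ug", "N-a", "-pinsamc123456789"]:
        print(f"{m or '(none)':20} -> {show(m)}")
```

The output makes the article's warning visible: an entry with no mask resolves to `pinugsm12`, which contains no `a`, so the access timestamp is not compared.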