Author: Benjamin D. Thomas
were released for sup, super, rlpr, Multiple, kernel, libpng and Usermin. The distributors include Debian, EnGarde, Fedora, Gentoo, Openwall, Red Hat, Trustix, and Turbolinux.
Tripwire Monitoring
Tripwire is a program that monitors file integrity by maintaining a database of cryptographic signatures for programs and configuration files installed on the system, and reports changes in any of these files.
A database of checksums and other characteristics for the files listed in the configuration file is created. Each subsequent run compares the files against the reference database, and the administrator is notified of any differences.
The greatest level of assurance is provided if Tripwire is run immediately after Linux has been installed and security updates applied, and before the system is connected to a network.
A text configuration file, called a policy file, is used to define the characteristics that are tracked for each file. Your level of paranoia determines how frequently the integrity of the files is checked. Administration requires constant attention to system changes, and can be time-consuming if used for many systems. Tripwire is available as an unsupported commercial binary for Red Hat and similar distributions.
Here are several examples:
# Create policy file from text file
/usr/TSS/bin/twadmin -m P policy.txt
# Initialize database according to policy file
/usr/TSS/bin/tripwire --init
# Print database
/usr/TSS/bin/twprint -m d
# Generate daily report file
/usr/TSS/bin/tripwire -m c -t 1 -M
# Update database according to policy file and report file
/usr/TSS/bin/tripwire --update --polfile policy/tw.pol --twrfile report/-.twr
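
The baseline-and-compare cycle described above, sketched in Python as an added example (it is not Tripwire's code and not part of the original tip). The attribute names, file names and policy layout are assumptions made for illustration, and the sample tree is constructed in a temporary directory.

```python
import hashlib, stat, tempfile
from pathlib import Path

# Characteristics a policy may track (names are this example's own,
# not Tripwire's property-mask syntax).
COLLECTORS = {
    "sha256": lambda p, st: hashlib.sha256(p.read_bytes()).hexdigest(),
    "size": lambda p, st: st.st_size,
    "mode": lambda p, st: stat.S_IMODE(st.st_mode),
}

def snapshot(policy):
    """Record the tracked characteristics of every policy file that exists."""
    return {p: {a: COLLECTORS[a](p, p.stat()) for a in attrs}
            for p, attrs in policy.items() if p.is_file()}

def check(policy, baseline):
    """Compare current state with the baseline; return sorted violations."""
    current, report = snapshot(policy), []
    for p, attrs in policy.items():
        old, new = baseline.get(p), current.get(p)
        if old is None and new is None:
            continue
        if old is None or new is None:
            report.append((p.name, "added" if old is None else "removed", []))
            continue
        diff = [a for a in attrs if old[a] != new[a]]
        if diff:
            report.append((p.name, "changed", diff))
    return sorted(report)

def demo():
    """Constructed sample tree: baseline it, change it, then check it."""
    d = Path(tempfile.mkdtemp())
    conf, tool, log = d / "sshd_config", d / "login", d / "messages"
    for p, data in ((conf, b"PermitRootLogin no\n"), (tool, b"\x7fELF"), (log, b"boot\n")):
        p.write_bytes(data)
        p.chmod(0o644)
    # Policy: which characteristics matter for each file. The log is expected
    # to grow, so only its permissions are tracked.
    policy = {conf: ["sha256", "size", "mode"], tool: ["sha256", "mode"], log: ["mode"]}
    baseline = snapshot(policy)
    conf.write_bytes(b"PermitRootLogin yes\n")   # content change: reported
    log.write_bytes(b"boot\nlogin ok\n")         # log growth: not reported
    tool.unlink()                                # tracked binary removed: reported
    return check(policy, baseline)

if __name__ == "__main__":
    for name, kind, attrs in demo():
        print(name, kind, ",".join(attrs))
```

Tracking only the mode of the log file is what keeps routine log growth out of the report; the same choice in a real policy file decides how much noise the administrator has to review.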
Security Tip
Written by Ryan Maple (ryan@guardiandigital.com)
Additional tips are available at the following URL: http://www.linuxsecurity.com/tips/tip-25.html
Until next time, cheers!
Benjamin D. Thomas
ben@linuxsecurity.com
LinuxSecurity Feature Extras:
Open Source Leaving Microsoft Sitting on the Fence? – The open source model, with special regard to Linux, has no doubt become a formidable competitor to the once sole giant of the software industry, Microsoft. It is expected that when the market share of an industry leader becomes threatened, retaliation with new product or service offerings and marketing campaigns refuting the claims of the newfound competition is inevitable. However, in the case of Microsoft, it seems they have not taken a solid or plausible position on the use of open source applications as an alternative to Windows.
Interview with Brian Wotring, Lead Developer for the Osiris Project – Brian Wotring is currently the lead developer for the Osiris project and president of Host Integrity, Inc. He is also the founder of knowngoods.org, an online database of known good file signatures. Brian is the co-author of Mac OS X Security and a long-standing member of the Shmoo Group, an organization of security and cryptography professionals.
Guardian Digital Launches Next Generation Secure Mail Suite – Guardian Digital, the premier open source security company, announced the availability of the next generation Secure Mail Suite, the industry’s most secure open source corporate email system. This latest edition has been optimized to support the changing needs of enterprise and small business customers while continually providing protection
from the latest in email security threats.
Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.
Distribution: Debian
6/19/2004 | sup | Format string vulnerability
By exploiting this, a remote attacker could potentially cause
6/19/2004 | super | Format string vulnerability
This vulnerability could potentially be exploited by a local user to
6/19/2004 | www-sql Buffer overflow vulnerability | Format string vulnerability
Exploiting this vulnerability, a local user could cause the execution
6/21/2004 | rlpr | Format string vulnerabilities
By exploiting one of these vulnerabilities, a local or remote user

Distribution: EnGarde
6/21/2004 | Multiple | ‘kernel’ vulnerabilities
This update fixes several security vulnerabilities in the Linux Kernel
6/21/2004 | kernel | 2.4 Multiple vulnerabilities
This update fixes several security vulnerabilities, including the

Distribution: Fedora
6/21/2004 | libpng | 1.2 Denial of service vulnerability
An attacker could carefully craft a PNG file in such a way that it
6/21/2004 | libpng | 1.0 Denial of service vulnerability
An attacker could carefully craft a PNG file in such a way that it

Distribution: Gentoo
6/18/2004 | Usermin | Multiple vulnerabilities
Usermin contains two security vulnerabilities which could lead to a

Distribution: Openwall
6/21/2004 | kernel | Multiple vulnerabilities
This update fixes multiple security-related bugs in the Linux kernel as

Distribution: Red Hat
6/18/2004 | libpng | Buffer overflow vulnerability
Updated libpng packages that fix a possible buffer overflow are now
6/21/2004 | kernel | Multiple vulnerabilities
This contains two similar advisories, one set fixing RHEL 3, and the

Distribution: Trustix
6/21/2004 | kernel | Multiple vulnerabilities
During checks of the Linux 2.6 source using an automated tool called

Distribution: Turbolinux
6/19/2004 | kernel | Denial of service vulnerability
The vulnerability allows an attacker to make the cause of the denial of