tools for verifying data integrity


Post by Hong » Thu, 13 Dec 2001 00:58:42



Hi All,

We're currently using COPS for verifying data integrity, and would like to
move to tripwire for detecting unexpected changes to the system files etc.
However it would cost us a lot to go for the commercial version to cover all
systems here, but the free ASR version is said to be "All or nothing"
checking, and email reporting might not be quite selective. Thus I wonder
which tool you use at your site? What's your comment on using the free ASR
version of tripwire?

Many thanks in advance,
Hong

 
 
 


Post by David Kirkb » Thu, 13 Dec 2001 02:45:46



> Hi All,

> We're currently using COPS for verifying data integrity, and would like to
> move to tripwire for detecting unexpected changes to the system files etc.
> However it would cost us a lot to go for the commercial version to cover all
> systems here, but the free ASR version is said to be "All or nothing"
> checking, and email reporting might not be quite selective. Thus I wonder
> which tool you use at your site? What's your comment on using the free ASR
> version of tripwire?

> Many thanks in advance,
> Hong

I did use the free version of tripwire and configured it via an external script,
to shut the machine down in the event of a problem. I found that strategy more
of a nuisance than value, as it was easy to change a file purposely and find the
machine gets shut down. I lost count of the number of times the machine shut
itself down, when I had changed a file, but there was no hacker. Emailing
yourself might be better, but of course you might be too late to respond to it.

I'm not quite sure who told you tripwire needs to be 'all or nothing', as I felt
that one can configure exactly what files get checked, and how they are checked
(e.g. if they are log files, you must expect them to grow, but not shrink). You
can set it to use one or two (or even more I expect) methods for checking for
changes.

I'm a home user, with only a couple of suns, so perhaps if you were
administering 100 machines, the free version might be limited, although with a
bit of thought, and a few scripts, I would have thought it possible to use it on
a large network.

My only concern would be that if it is run often enough to be useful, it would
have a negative impact on performance. It is not the sort of thing that can be
run once overnight - I used to run it every 15 minutes, but I know others to run
it every 5 minutes. That has a negative impact on performance. I'm not sure if
there is an answer to that.

--
Dr. David Kirkby Ph.D,


web page: http://www.david-kirkby.co.uk      
Amateur radio callsign: G8WRB
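
The selective checking described in the reply above (choosing which files are checked and how, with log files allowed to grow but not shrink), as an added Python example that is not part of the thread and is not Tripwire code. The rule names `STRICT` and `GROWING`, the function names and the sample files are assumptions made for this sketch, and it goes one step beyond the post by also flagging a log whose earlier bytes were rewritten.

```python
import hashlib, tempfile
from pathlib import Path

# Hypothetical rule names for this sketch; they are not Tripwire's own.
STRICT = "strict"    # any content, mode or owner change is reported
GROWING = "growing"  # log file: may be appended to, never shrunk or rewritten

def digest(path, limit=None):
    """SHA-256 of the whole file, or of its first `limit` bytes."""
    return hashlib.sha256(Path(path).read_bytes()[:limit]).hexdigest()

def snapshot(path):
    """Attributes stored in the baseline; None if the file does not exist."""
    if not Path(path).is_file():
        return None
    st = Path(path).stat()
    return {"size": st.st_size, "mode": st.st_mode, "uid": st.st_uid, "sha256": digest(path)}

def check(policy, baseline):
    """Compare each path in `policy` with `baseline` under its own rule."""
    findings = []
    for path, rule in policy.items():
        old, new = baseline.get(path), snapshot(path)
        if new is None or old is None:
            findings.append((path, "missing" if new is None else "not in baseline"))
            continue
        findings += [(path, a + " changed") for a in ("mode", "uid") if old[a] != new[a]]
        if rule == GROWING:
            if new["size"] < old["size"]:
                findings.append((path, "log shrank"))
            elif digest(path, old["size"]) != old["sha256"]:
                findings.append((path, "log rewritten"))
        elif new["sha256"] != old["sha256"]:
            findings.append((path, "content changed"))
    return findings

def demo():
    """Run the checker over constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        binary, log = Path(d, "login"), Path(d, "messages")
        binary.write_bytes(b"original")
        log.write_bytes(b"boot ok\n")
        policy = {binary: STRICT, log: GROWING}
        baseline = {p: snapshot(p) for p in policy}
        log.write_bytes(b"boot ok\nuser login\n")   # normal append
        after_append = check(policy, baseline)
        binary.write_bytes(b"modified")              # same size, new content
        log.write_bytes(b"x\n")                      # log truncated
        after_tamper = [(p.name, why) for p, why in check(policy, baseline)]
    return after_append, after_tamper
```

Because the log is checked under its own rule, the routine append produces no finding and so no alert, while the same-size change to the binary and the truncated log are both reported.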