[security] tripwire

Discussion in 'Security' started by Radio_Head, May 8, 2003.

Thread Status:
Not open for further replies.
  1. Radio_Head

  2. vishal

  3. NeutralGold

    Hmm, I wouldn't mind knowing as well. It seems it's going to keep logs on all this stuff, which could possibly be a bad idea considering the user count on a webhosting production server. Those logs could potentially get huge and cause problems without a daily visit/deletion.
     
  4. Radio_Head

    .
     
  5. casey

    Well, I bit the bullet and installed it. I haven't yet figured out how it works, but if and when I do I'll let you guys know.
     
  6. NiN

    Tripwire is a must-have, on every server!
    If you don't know how to use it, just check the redhat ref-guide.

    rkdet I never used ...

    Regards
     
  7. Radio_Head

    Uhm... the problem is not how to use it, the problem is whether it could cause problems for cPanel/WHM. Just today, Darkorb told me that they change some rpms, causing a wrong rpm checksum signal (size and md5). So what happens when tripwire finds rpms with a wrong checksum because they were modified by cPanel?
     
  8. trakwebster

    Hi, NeutralGold,

    Well, if you were not going to look at it each day, you'd not be getting much of the benefit. The point of the software is that it will tell you quickly when there are changes. Some changes happen every day, such as certain log stuff. But other changes, those are the ones you want to check into.

    It will give you a list of what's changed, first a summary and then a detailed list. You look them over. Everything OK? Great, you run a command that updates tripwire's database so that *now* is the current state for later comparison.

    Tripwire protects itself from manipulation by making these changes only with the use of a passphrase; that is, the database is encrypted.

    Yes, you'll have to look each day, and yes you'll have to type your passphrase each day, but that's the very way you monitor for changes each day.
     
  9. trakwebster

    What would happen is that tripwire will tell you: "This file blahblahblah.rpm has changed".

    You then look at the file and you say, oh that's the update from cpanel. No problem. (In other words, you've been advised of a change. It's a harmless change.) You then permit the tripwire database to be updated, including this new file as the current configuration.

    Not really a problem.

    Assuming you've set up tripwire as a cron job, you'll be getting the tripwire email report, and also the cpanel nightly backup/update report. If you see an rpm has changed, and you're uncertain, look it up on the cpanel nightly report. There it is? OK. No problem.
     
  10. Radio_Head

    Thank you, you were clear. It seems good. Of course I suppose you can exclude /home from your tripwire monitor ...
     
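The check, review and accept cycle described in the replies above, with /home left out as suggested in the last post, sketched as an added example (not Tripwire's code and not from any poster in this thread). It uses SHA-256 and a passphrase-keyed HMAC over a JSON baseline as stand-ins for Tripwire's own database handling; the directory tree, file names and passphrase are constructed.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path
EXCLUDE = {"home"}  # top-level directories left unmonitored (assumed layout)

def snapshot(root):
    """Record size and SHA-256 of every monitored file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root)
        if path.is_file() and rel.parts[0] not in EXCLUDE:
            data = path.read_bytes()
            state[rel.as_posix()] = [len(data), hashlib.sha256(data).hexdigest()]
    return state

def _tag(body, passphrase, salt):
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return hmac.new(key, body.encode(), "sha256").hexdigest()

def seal(state, passphrase):
    """Serialize the baseline with a passphrase-keyed HMAC."""
    salt, body = os.urandom(16), json.dumps(state, sort_keys=True)
    return json.dumps({"salt": salt.hex(), "body": body, "tag": _tag(body, passphrase, salt)})

def unseal(blob, passphrase):
    """Return the baseline; reject one that was edited or sealed with another passphrase."""
    doc = json.loads(blob)
    expected = _tag(doc["body"], passphrase, bytes.fromhex(doc["salt"]))
    if not hmac.compare_digest(expected, doc["tag"]):
        raise ValueError("baseline failed authentication")
    return json.loads(doc["body"])

def check(root, blob, passphrase):
    old, new = unseal(blob, passphrase), snapshot(root)
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p])}

def demo(pw="constructed-passphrase"):
    """Constructed tree: a system file and a file under home/ both change overnight."""
    with tempfile.TemporaryDirectory() as root:
        paths = [Path(root, "usr", "tool.rpm"), Path(root, "home", "alice.txt")]
        for p in paths:
            p.parent.mkdir()
            p.write_bytes(b"v1")
        blob = seal(snapshot(root), pw)
        for p in paths:
            p.write_bytes(b"v2 after nightly update")
        report = check(root, blob, pw)
        blob = seal(snapshot(root), pw)  # change reviewed: accept it as the new baseline
        return report, check(root, blob, pw)
```

`demo()` returns the report from the first check, which lists only the changed file outside `home/`, and the report after the change has been accepted, which is empty.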