This is a discussion on tripwire without secure read-only storage ? within the Linux Security forums, part of the System Security and Security Related category.
Do any of you have any advice on how to build a secure intrusion detection system when there is no read-only storage (floppy, CDROM)?

This is for a blade server that has a disk drive but no read-only storage. The likely candidates are Tripwire and the Easy Integrity Check System.

thanks in advance
Bob Smith

Bob Smith <bsmith@linuxtoys.org> writes:

>Do any of you have any advice on how to build a
>secure intrusion detection system when there is
>no read-only storage (floppy, CDROM)?

Compute the md5sum of your tripwire database. Then print that out. Whenever you run tripwire, recompute the md5sum, and compare with your printed copy.

In article <oj4662-ot.ln1@mail.linuxtoys.org>, Bob Smith wrote:
>Do any of you have any advice on how to build a
>secure intrusion detection system when there is
>no read-only storage (floppy, CDROM)?

Store the _statically compiled_ intrusion detection application and its data files on a remote computer. Log in, fire up a secure file transfer program, and copy the remote files to /tmp (or equal) and run them from there. When you modify any files on the server, re-run, and make a new data set, which is stored on the remote computer.

>This is for a blade server that has a disk drive
>but no read-only storage.

Yes, but it's certain to have a network connection.

>The likely candidates are Tripwire and the Easy Integrity Check System.

Those will do.

Old guy

Bob Smith <bsmith@linuxtoys.org> wrote in message news:<oj4662-ot.ln1@mail.linuxtoys.org>...
> Do any of you have any advice on how to build a
> secure intrusion detection system when there is
> no read-only storage (floppy, CDROM)?
>
> This is for a blade server that has a disk drive
> but no read-only storage. The likely candidates
> are Tripwire and the Easy Integrity Check System.

Would it be possible to mount a read-only NFS share, or SMB share from a remote host? You could compute the database with the share mounted read-write then change it to be read only later on the other machine's server.

Steve
--
Debian System Administration. www.debian-administration.org

rickert+nn@cs.niu.edu news:cmqeql$4db$1@usenet.cso.niu.edu
> Compute the md5sum of your tripwire database. Then print that out.
> Whenever you run tripwire, recompute the md5sum, and compare with
> your printed copy.

And use live-cd read-only linux like Knoppix to calculate it.

--
Regards, my website, C++, contact, etc.:
Rafal Maj Raf256 - http://www.raf256.com/me-news/ (page under construction)
