The first problem is to be aware that weaknesses and/or patches actually exist.
Initialise tripwire's database and then run regular checks to monitor for changes.
If possible, keep the master database on another machine, offline or on write-once media. To automate for many hosts, this script is then called from another script for each host that needs to be monitored. This script also assumes that the commercial tripwire is used on the central trusted host (only). Have applications been tested in detail, by different people with different points of view, from different access points on the network?
What is required is a file integrity checker that uses secure (one-way) hashing algorithms.
Which is why the Yassp Tarball installs in /secure/tripwire.
RPC uses dynamic ports and provides no standard access control methods. The problem is that historically, many security weaknesses have been found in such programs, allowing attackers with local accounts to become root by exploiting buffer overflows, race conditions etc.
Solaris has many "SUID root" binaries and each one presents a risk, so when hardening systems it is advisable to disable as many SUID programs as possible.
By Sean Boran. This article presents a concise step-by-step approach to securely installing Solaris for use in a firewall DMZ or other sensitive environment, using Sun's
We assume that a "manual", as opposed to automated Jumpstart, installation is used.
Read-only: Mounting filesystems read-only provides only a limited protection against Trojans/attackers (if they get root, they can remount read-write).
Connect the serial console, switch on, halt to the OK prompt by sending a Stop-A (~#, ~%b, or F5 depending on whether you use packages which take only 110MB), set hostname, terminal, IP parameters, timezone, etc. Don't enable power management, or mount any remote file systems (NFS).
It may save time fsck'ing when booting, can improve performance (access times don't need to be updated) and can prevent the sysadmin from making mistakes or help detect mistakes (accidentally deleting files etc.). An error on the / or /usr lines can render the system unbootable!
Tripwire uses several secure hashing algorithms (and in its commercial form, provides cryptographic signing of its database).
At this stage of the installation, it is recommended to take a snapshot of the files on the newly configured system, i.e.
BUT, it makes forensics more difficult in case of an intrusion, since access times are not recorded.