Rooting Out Corrupted Code
Jon Lasser, 2002-12-11

Is there a backdoor on your system? A flawed but timely project from the Shmoo Group could help network administrators spot altered programs.

AIDE 2002-12-17
Anonymous
"Similarly, Tripwire (but not AIDE) can sign its checksum database so that you can have a high level of confidence in its data."

Actually, there is a CVS version of AIDE that implements database signing. It works by calculating an md5sum from the database, but it doesn't use the normal seed for md5sum.

I think that the author is planning to add gpg support to AIDE.

Signed or not - you shouldn't trust the data on the suspected computer. I'd recommend storing databases somewhere else than on those computers which you are checking with aide/tripwire etc.


PS. If you want to test this feature, remember to check out aide2 instead of aide (cvs co aide2).




Link to this comment: http://www.securityfocus.com/comments/columns/129/17406#17406
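The two points in the comment above (a keyed checksum over the database, and keeping trust material off the checked host), as an added example that is not part of the original comment and is not AIDE's or Tripwire's code. It assumes HMAC-SHA256 as a stand-in for the seeded md5sum the comment mentions; the database contents, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample "database": path and recorded checksum per line.
# This is not AIDE's real database format.
BASELINE_DB = b"/bin/login 1111\n/bin/ls 2222\n"


def plain_digest(db: bytes) -> str:
    """Unkeyed checksum: anyone who can rewrite the database can recompute it."""
    return hashlib.sha256(db).hexdigest()


def keyed_tag(db: bytes, key: bytes) -> str:
    """Keyed MAC: recomputing it needs a key that is never stored on the checked host."""
    return hmac.new(key, db, hashlib.sha256).hexdigest()


def verify(db: bytes, key: bytes, expected_tag: str) -> bool:
    """Constant-time comparison of the recomputed tag with the off-host copy."""
    return hmac.compare_digest(keyed_tag(db, key), expected_tag)


def simulate_tampering() -> dict:
    key = b"constructed-demo-key-kept-off-host"  # assumption: held by the admin only
    offhost_tag = keyed_tag(BASELINE_DB, key)     # recorded away from the host

    # Someone with write access changes an entry, then refreshes the plain
    # checksum that sits next to the database on the same disk.
    tampered = BASELINE_DB.replace(b"/bin/login 1111", b"/bin/login 9999")
    rewritten_digest = plain_digest(tampered)

    return {
        # The on-host checksum agrees with the tampered database: no alarm.
        "plain_check_passes": plain_digest(tampered) == rewritten_digest,
        # The off-host tag cannot be refreshed without the key: alarm.
        "keyed_check_passes": verify(tampered, key, offhost_tag),
        # The untouched baseline still verifies.
        "baseline_ok": verify(BASELINE_DB, key, offhost_tag),
    }


if __name__ == "__main__":
    print(simulate_tampering())
```

The verification itself should also run from a trusted machine or boot medium, since a compromised host can misreport the result of any check it performs on itself.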







 

Copyright 2009, SecurityFocus