Hacker News

michaelt yesterday at 5:24 PM

Back in the 1990s, there was a tool called ‘tripwire’ that checked key files against expected checksums.

As I recall, they recommended putting the expected values on a floppy disk and setting the ‘write protect’ tab, so the checksums couldn’t be changed.


Replies

FuriouslyAdrift yesterday at 5:43 PM

tripwire was the original file integrity anti-virus/anti-tampering software from the security group (which turned into CERIAS) at Purdue led by Dr. Eugene "Spaff" Spafford.

https://docs.lib.purdue.edu/cstech/1084/

Bender yesterday at 9:51 PM

For some time a number of people and companies have been using OSSEC for that job. [1] There are a couple of versions of it: free open source and enterprise. There are a handful of other programs that also keep an eye on checksums.

If tinkering with OSSEC, one of the first steps should be to configure whitelisting for IP ranges and CIDR blocks used by your company, SNAT addresses and bastion IPs so that someone does not lock everyone out. It does a lot more than checksums.

[1] - https://www.ossec.net/

monocasa yesterday at 11:48 PM

A flash drive with a port on each side (one RO and the other RW) would be neat.

Terr_ yesterday at 5:27 PM

Back in the 90s I fantasized about a hard drive bay with a physical write-protect switch on the cover plate.
