Posted by krow from the keeping-out-the-riff-raff dept.
Long time sysadmins who are accustomed to using Tripwire might find this interesting. Tripwire and Covalent have released a version of Tripwire's intrusion detection software product integrated into Apache.
Maybe I'm just pessimistic...
by wizzy403 · Score: 2
... But I can't see this working easily for sites like /. where you have user-inputted content that changes rapidly. How do you tell the tripwire database that the replies that are being posted are "ok" changes, but that putting a big goatsex banner on the main page isn't?
The other thing I thought while reading it is how do you keep the "redirect" url safe? If someone hacks the main page, how do you keep the page that says "we've been hacked, we'll be right back" from also being goatsexed?
Re:Maybe I'm just pessimistic...
by Strog · Score: 3
The website talks about protecting dynamic data too. They list PHP and Perl as supported.
<grain_of_salt> I assume that it will protect the source files (.pl,.php, etc.) but still would allow you to try to alter the output if the code has a hole in it. My coding is rudimentary at best so I guess I would be a candidate for having my code exploited. The good news is that the source can't be hacked without tripwire catching it so they could continue to exploit it until I actually got the code fixed.</grain_of_salt>
Tripwire states that it is multiplatform then goes on to list Multi-*nix. The datasheet adds NT and 2000 to the list. Aren't they proud of their Win32 product too?
Re:Maybe I'm just pessimistic...
by delibes · Score: 3
I agree sort of. For simple templated pages with no user feedback it'll work fine. But remember /. is moderated, so part of the workflow procedure could automatically calculate a new checksum for content that passes moderation.
If it's an Apache server module (mod_tripwire?) then potentially a redirect URL could be coded into the DSO. Makes it harder to change via a hack (not very hard though), but also harder to admin (though how often are you going to change the Tripwire redir URL huh?). Something like Tripwire for Apache would at worst add an extra layer of obfuscation. At best it could cut out a few more script kiddies.
Hmm, just thought, this is begging to be written as a servlet 2.3 filter... 'scuse me I'll be right back...
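The workflow delibes describes, sketched as an added example that is not part of the thread and not Tripwire's or Covalent's code: content is re-baselined only when moderation approves it, and the fallback page is a constant in the code rather than a file in the docroot. The class and function names, the HMAC key and the sample pages are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical names throughout; this is not Tripwire's or Covalent's API.
# The fallback lives in code (like a URL built into the DSO), not in the docroot.
FALLBACK = b"<html><body>Temporarily unavailable.</body></html>"


class IntegrityGate:
    def __init__(self, key: bytes):
        self._key = key        # held by the moderation workflow, not web-writable
        self._baseline = {}    # path -> HMAC-SHA256 tag of the approved content

    def _tag(self, path: str, content: bytes) -> bytes:
        # Binding the path into the tag stops approved content from one URL
        # being accepted at another.
        msg = path.encode() + b"\0" + content
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def approve(self, path: str, content: bytes) -> None:
        """Called by the moderation workflow once content passes review."""
        self._baseline[path] = self._tag(path, content)

    def serve(self, path: str, content: bytes):
        """Return (status, body); unapproved content is never sent."""
        expected = self._baseline.get(path)
        actual = self._tag(path, content)
        if expected is None or not hmac.compare_digest(expected, actual):
            return 503, FALLBACK
        return 200, content


def demo():
    gate = IntegrityGate(key=b"constructed-demo-key")
    # Constructed sample docroot: one static page, one user comment.
    docroot = {"/index.html": b"<h1>News</h1>", "/comments/1": b"first post"}
    for path, content in docroot.items():
        gate.approve(path, content)
    results = [gate.serve("/index.html", docroot["/index.html"])[0]]
    # A moderated edit is re-baselined, so it is an "ok" change.
    docroot["/comments/1"] = b"first post (edited, approved)"
    gate.approve("/comments/1", docroot["/comments/1"])
    results.append(gate.serve("/comments/1", docroot["/comments/1"])[0])
    # A change made outside the workflow gets the built-in fallback.
    docroot["/index.html"] = b"<h1>defaced</h1>"
    results.append(gate.serve("/index.html", docroot["/index.html"]))
    # Approved comment content placed at another path is also rejected.
    results.append(gate.serve("/index.html", docroot["/comments/1"])[0])
    return results
```

The gate only helps if the key and the baseline sit somewhere the web server's own account cannot write.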
Come on folks there are plenty of products that can tell you when a file changes... and ALL of them work with Apache. For some of them check out here. Geez, anything to make a buck.
corporate sellout whores
by Anonymous Coward · Score: 2
That's what Tripwire is, corporate sellout whores. Sorry to Gene and the other few cool people who work there, but the place is being run into the GROUND by a dumbass marketing department and choked out of business by idiot middle management.
I highly advise anybody looking at this group to deploy on any type of production server to think again, there are many ways around tripwire.
Even without the kernel module type hacks.
That, and they have no clue about security.
This from a "security" company. Sigh.
BTW, this isn't tripwire for apache. This is software developed by covalent (not that bad a thing) but with Tripwire "branding"
"brand"
Pfah. Marketing BULLSHIT.
s/branding/market wh0res/g;