Posted by
krow
on from the keeping-out-the-riff-raff dept.
Long time sysadmins who are accustom to using Tripwire might find this interesting. Tripwire and Covalent have released a version of Tripwire's intrusion detection software product integreated into Apache.
Re:Maybe I'm just pessimistic...
by
Strog
·
· Score: 3
The website talks about protecting dynamic data too. They list PHP and Perl as supported.
<grain_of_salt> I assume that it will protect the source files (.pl,.php, etc.) but still would allow you to try to alter the output if the code has a hole in it. My coding is rudimentary at best so I guess I would be a candidate for having my code exploited. The good news is that the source can't be hacked without tripwire catching it so they could continue to exploit it until I actually got the code fixed.</grain_of_salt>
Tripwire states that it is multiplatform then goes on to list Multi-*nix. The datasheet adds NT and 2000 to the list. Aren't they proud of their Win32 product too?
Re:Maybe I'm just pessimistic...
by
delibes
·
· Score: 3
I agree sort of. For simple templated pages with no user feedback it'll work fine. But remember/. is moderated, so part of the workflow procedure could automatically calculate a new checksum for content that passes moderation.
If it's a an Apache server module (mod_tripwire?) then potentially a redirect URL could be coded into the DSO. Makes it harder to change via a hack (not very hard though), but also harder to admin (though how often are you going to change the Tripwire redir URL huh?). Something like Tripwire for Apache would at worst add an extra layer of obfuscation. At best it could cut out a few more script kiddies.
Hmm, just thought, this is begging to be written as a servlet 2.3 filter... 'scuse me I'll be right back...
Slashdot Mirror
The website talks about protecting dynamic data too. They list PHP and Perl as supported.
.php, etc.) but still would allow you to try to alter the output if the code has a hole in it. My coding is rudimentary at best so I guess I would be a candidate for having my code exploited. The good news is that the source can't be hacked without tripwire catching it so they could continue to exploit it until I actually got the code fixed.</grain_of_salt>
<grain_of_salt> I assume that it will protect the source files (.pl,
Tripwire states that it is multiplatform then goes on to list Multi-*nix. The datasheet adds NT and 2000 to the list. Aren't they proud of their Win32 product too?
I agree sort of. For simple templated pages with no user feedback it'll work fine. But remember /. is moderated, so part of the workflow procedure could automatically calculate a new checksum for content that passes moderation.
If it's a an Apache server module (mod_tripwire?) then potentially a redirect URL could be coded into the DSO. Makes it harder to change via a hack (not very hard though), but also harder to admin (though how often are you going to change the Tripwire redir URL huh?). Something like Tripwire for Apache would at worst add an extra layer of obfuscation. At best it could cut out a few more script kiddies.
Hmm, just thought, this is begging to be written as a servlet 2.3 filter... 'scuse me I'll be right back...
This is not a sig