[unisog] OpenBSD and Tripwire

Richard Johnson rdump at river.com
Fri Nov 30 00:40:46 GMT 2001

At 13:55 -0700 on 11/29/01, Jeff Bollinger wrote:
> Has anyone been able to get Tripwire up and running on an OpenBSD
> system?  I'm running OpenBSD 2.9 on an i386 and I can't seem to get it
> going right (i.e. one version dumps core, the other can't find the right
> paths).  Tripwire isn't available as a port yet, so I think it has to be
> compiled from source.

I gave up on Tripwire when their licensing got funky.  Their ASR was useful
for a time, but I never got into the latest version.  Reports of port &
build problems, plus operations problems on the Solaris version, led me to
look at alternatives such as AIDE and Osiris for my OpenBSD boxes.

AIDE is available in OpenBSD's ports tree: /usr/ports/security/aide.  0.7
installed from the ports works very well for me.

Osiris development is reportedly going again, so you might look at it as
well: <http://www.shmoo.com/osiris/>

I use CD-Rs for the AIDE dbs rather than following Tripwire's lead and
trying to encrypt the dbs on the machine they're checking (seems not quite
safe enough to me, but then again, I am trusting my kernel to be
uncompromised anyway :-).

I've encountered one display bug with file sizes of modified log files (new
file size is listed as '0'), but as it's cosmetic, I haven't made time to
look at a fix yet.
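
The point above about keeping the AIDE databases on CD-R rather than on the machine being checked, shown as an added example that is not part of the original post and is not AIDE's code. The function names, file names and the in-memory "databases" are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to (sha256 hex digest, size)."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            db[os.path.relpath(full, root)] = (hashlib.sha256(data).hexdigest(), len(data))
    return db

def compare(baseline, current):
    """Return (added, removed, changed) path lists, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return added, removed, changed

def demo():
    """Constructed scenario: files change and the writable on-host db is regenerated."""
    root = tempfile.mkdtemp()
    try:
        for name, body in (("login", b"original login"), ("sshd", b"original sshd")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        offline_db = snapshot(root)  # stands in for the copy written once to CD-R
        on_host_db = snapshot(root)  # stands in for a db kept writable on the host

        # Whoever can modify the files can also refresh a db stored beside them.
        with open(os.path.join(root, "login"), "wb") as fh:
            fh.write(b"modified login")
        with open(os.path.join(root, "extra"), "wb") as fh:
            fh.write(b"unexpected file")
        on_host_db = snapshot(root)

        # The check still runs through the host's kernel, which the post notes is trusted.
        current = snapshot(root)
        return compare(on_host_db, current), compare(offline_db, current)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    on_host_report, offline_report = demo()
    print("against on-host db:", on_host_report)
    print("against offline db:", offline_report)
```

The regenerated on-host database reports no differences, while the write-once copy still reports the added and changed files.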


