On Mon, 9 Jan 1995, Adam Shostack wrote (regarding NetSP):
> 3. Nothing like tripwire seems to be included.
Admittedly, it's not tripwire, but "normal" AIX does include a trusted
computing base audit program called tcbck. It checks files against
attributes listed in /etc/security/sysck.cfg. One advantage is that it
understands ACLs, which tripwire does not. On the downside, the checksum
it uses is just plain "sum -r". I believe that it is possible to
use alternate checksum programs, but I haven't tried this.
The database is also available online in /etc/security, so it's subject to
the same vulnerabilities as an online tripwire database. With either
program, it makes sense to store a copy of the database on a readonly
medium and verify against that copy.