Are you talking about sysck?
sysck is configurable to use md5; however, I wasn't able to find
documentation on doing so. IBM'ers here did offer to provide me with
help (Thanks again, Andreas!), but not everyone who buys an SNG has
access to this list, and as such, how to provide integrity checking on
the firewall should be part of the manual.
Adam
Ian Gresley-Jones wrote:
| In reply to Adam's comments below - there is an integrity checker in AIX
| v3.??? (3.2.5 and some earlier) called tcbck. It is possible without too
| much trouble to make it use md5 (forgotten the details - if anyone is
| interested I'll dig out some notes) so it can be useful, even if not as
| flexible as Tripwire. I don't know how much this is used in SNG by
| default, but I've set it up in a variety of ways (varying from once
| every 10 seconds for a short list of critical files, to once daily for a
| full filesystem check ....).
|
| < Gene said...>
| >If anyone out there has experience with SNG, any criticisms of the product are
| >more than welcome (either via the mailing list or direct e-mail to me). I'm creating a
| >"To Do" list for the developers in Raleigh for subsequent versions of the Firewall.
|
| That's good news Gene - Hey OtherSuppliers - take note !!!
| >
| >genelee @ vnet . ibm . com
| >
| <Adam said...>
| >Something like tripwire or L5 would be nice. I know there's an
| >integrity checker in /etc/security/? (Been a while since I used AIX),
| >but there's no docs for it, and I don't think it supports MD5 or SHA1.
|
| The docs are there in 'info', but as seems standard for IBM they are
| not as complete, consistent or even in some cases correct as they might
| be - here's one for the Raleigh boys to improve on Gene !
|
| >
| >Most of the other shortcomings I saw were in the manual; not talking
| >about stripping out un-needed services, not talking about reducing
| >permission levels on sendmail & rdist, and the rest of them.
|
| Agreed, AIX is a monstrous beast and needs a bare bones installation
| with very careful configuration. IBM should provide some details of the
| lengths they go to in stripping out or switching off the nasties, and
| what they do with things like sendmail (very old version as standard in
| 3.2.5).
| What about monitoring (the audit subsystem is useful - what use is made
| of it), intrusion detection etc.
|
| I admit I only saw some basic info on an early version of the product,
| maybe more info is available, but they do keep it quiet. Tell us more
| Gene....
|
| Regards
|
| Ian
| ********************************************************************
| Ian Gresley-Jones * Protek Warrington (UK) 01925 240340
| <igjones @ proteknw . demon . co . uk> * or Maidenhead (UK) 01628 75959
| or <ian @ martel . demon . co . uk> *
| -- speaking for myself only -- * ZZR600
| ********************************************************************
|
--
"It is seldom that liberty of any kind is lost all at once."
-Hume