Re: OS binaries integrity check

From: jeff barratt-mccartney (jbarratt_at_COMPSAT.COM)
Date: 02/14/04

    Date:         Fri, 13 Feb 2004 22:14:01 -0500
    To: aix-l@Princeton.EDU
    
    

    gustavo,
    if your goal is to check (for trojan horses, etc.) every binary every time it
    is launched, it is my understanding that you HAVE to use TCB. I may be wrong
    here. Can anyone correct me? TCB (Trusted Computing Base?) is very stringent
    and works every time. It is also not an 'upgradable feature'; you need to
    select it at install time. To move to TCB I believe you can just back up your
    existing environment, reinstall selecting TCB at install time, and lay down
    your applications, etc. My understanding is that TCB is foolproof; I know
    from the one time I used it that it was also a PITA. Maybe this observation
    was my inexperience at the time.
    Tripwire is 1. not free (open source) and 2. not foolproof.
    I have to ask the question... what problem or perceived problem are you
    trying to solve? If your concern is trojan horses set up by other root
    users, then you need to severely limit root access; if your concern is
    trojan horses created by nonroot users, then I suggest you investigate some
    simple security precautions (sudo) that are not addressed by default AIX
    installs. A good primer on the subject is quickly found on google if you
    search for "bastion aix". If you are simply interested in making sure the
    binaries jive, lppcheck will do the job, assuming lppcheck hasn't been
    compromised.

    IMHO the AIX community has turned a blind eye to security. There are a
    considerable number of holes in AIX, and I am surprised by the lack of
    communication on this listserv on this subject.
    I am not playing the high and mighty here, nor am I preaching to the choir,
    certainly some of the posters and lurkers here have some opinions.

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
    Fette, Gustavo
    Sent: Friday, February 13, 2004 3:10 PM
    To: aix-l@Princeton.EDU
    Subject: Re: OS binaries integrity check

    Well, I didn't find TCB either on my server or on the web.

    But I found the tripwire installation tutorial at IBM, but I got compilation
    errors, so I don't know if any of you guys have it compiled for 4.3 and
    5.1?

    I've found fcheck and one more piece of software, but I still have to compile or
    configure them...

    Regards,
    Gustavo.-

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of Bill
    Verzal
    Sent: Friday, February 13, 2004 4:24 PM
    To: aix-l@Princeton.EDU
    Subject: Re: OS binaries integrity check

    You install it with the OS. If it is not there now, you can't use it.

    BV
    --------------------------------------------------------

    "If everything is coming your way, then you are in the wrong lane"

    Bill Verzal
    AIX Administrator, Komatsu America
    (847) 970-3726 - direct
    (847) 970-4184 - fax

    From: "Fette, Gustavo" <gustavo.fette@EDS.COM>
    Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
    Date: 02/13/2004 12:59 PM
    To: aix-l@Princeton.EDU
    Subject: Re: OS binaries integrity check
    Please respond to: IBM AIX Discussion List <aix-l@Princeton.EDU>

    And where can I get it?

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of Bill
    Verzal
    Sent: Friday, February 13, 2004 3:51 PM
    To: aix-l@Princeton.EDU
    Subject: Re: OS binaries integrity check

    TCB
    --------------------------------------------------------

    "If everything is coming your way, then you are in the wrong lane"

    Bill Verzal
    AIX Administrator, Komatsu America
    (847) 970-3726 - direct
    (847) 970-4184 - fax

    From: "Fette, Gustavo" <gustavo.fette@EDS.COM>
    Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
    Date: 02/13/2004 12:38 PM
    To: aix-l@Princeton.EDU
    Subject: OS binaries integrity check
    Please respond to: IBM AIX Discussion List <aix-l@Princeton.EDU>

    Hello:
    Does anyone know about a free tool to check the integrity of
    the binaries of my system?

    I mean, some kind of tool that, run against i.e. ls, shutdown, etc., gives me a
    hash that I can have to compare with a new hash, i.e. every month...

    Thanks in advance.

    Regards,

    Gustavo Fette
    MMH - GOSD
    EDS Argentina
    Arias 1851 - Buenos Aires
    Phone: +54 11 4704-3403
    Mobile: +54 9 11 5110-2325
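
The baseline-and-compare check asked about in the original question, as an added example that is not part of the thread and not any poster's code. The function names are hypothetical, the sample tree is constructed, and it assumes the stored baseline (and the checker itself) is kept on read-only or offline media, since a checker on the same host can be tampered with like any other binary.

```python
import hashlib, os, stat, tempfile

def file_record(path):  # (sha256, permission bits incl. setuid/setgid, uid, gid)
    st = os.lstat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)

def build_manifest(roots):  # walk the directories, record every regular file
    manifest = {}
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                if stat.S_ISREG(os.lstat(path).st_mode):  # skip symlinks, devices
                    manifest[path] = file_record(path)
    return manifest

def compare(baseline, current):
    """Classify differences between a stored baseline and a fresh scan."""
    report = {"added": [], "removed": [], "content": [], "metadata": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report["added"].append(path)
        elif new is None:
            report["removed"].append(path)
        elif old[0] != new[0]:
            report["content"].append(path)      # hash differs
        elif old[1:] != new[1:]:
            report["metadata"].append(path)     # e.g. a new setuid bit or owner
    return report

def demo():  # constructed sample tree standing in for a bin directory
    with tempfile.TemporaryDirectory() as d:
        def put(name, data):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        for name in ("ls", "shutdown", "su"):
            put(name, b"original " + name.encode())
        baseline = build_manifest([d])          # the "last month" snapshot
        put("ls", b"replaced")                  # content changed
        put("newtool", b"")                     # file that was not in the baseline
        os.chmod(os.path.join(d, "su"), 0o4755) # same bytes, setuid bit added
        os.remove(os.path.join(d, "shutdown"))
        report = compare(baseline, build_manifest([d]))
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}

if __name__ == "__main__": print(demo())
```

Recording mode and ownership alongside the hash catches changes that leave the file contents untouched.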

