Sep intrusion prevention signatures not updating
Tripwire uses several secure hashing algorithms (and in its commercial form, provides cryptographic signing of its database).
At this stage of the installation, it is recommended to take a snapshot of the files on the newly configured system, i.e.
d) If you didn't install the latest recommended patches above, Jass will do it for you, if you extract them into the 'Patches' directory.
We also want to allow ping and traceroute for initial troubleshooting.
During installation, the Solaris recommended patch bundle was installed. For example, the Solaris 8 recommended bundles would be extracted into Patches/8_Recommended.
We could then create and activate the new firewall policy restricting access to these services as follows:
# ./ssadm edit Initial edit
Finally, we can stop the remote Firewall management GUI. If we are comfortable with the command line "ssadm" then one daemon more and one more configuration interface, that needs to be correctly configured and watched.
However, not all security fixes are included in this bundle, and as time goes by you'll have to check regularly for new patches.
See It would be useful to have packages that reset the SUID files for example situations such as Bastion Hosts (high), multi-user servers (medium), workstations (low).
The packages would also correct the pkg database so that 'pkgchk -n' would not report permissions errors after the SUID files had been adapted.
You should regularly check the integrity of files on the system, to be assured that they have not been maliciously modified.
What is required is a file integrity checker that uses secure (one-way) hashing algorithms.
Which is why the Yassp Tarball installs in /secure/tripwire.