لطفا منتظر باشید ...
Recipe 1.8 Expensive, Ultra-Paranoid Security Checking
1.8.1 Problem
You want highly secure integrity checks and are
willing to shell out additional money for them.
1.8.2 Solution
Store
your files on a dual-ported disk array. Mount the disk array
read-only on a second, trusted machine that has no network
connection. Run your Tripwire scans on the second machine.
1.8.3 Discussion
A dual-ported disk array permits two machines to access the same
physical disk. If you've got money to spare for
increased security, this might be a reasonable approach to securing
Tripwire.
Once again, let
trippy be
your machine in need of Tripwire scans.
trusty is a highly secure second
machine, built directly from trusted source or binary packages with
all necessary security patches applied, that has no network
connection and has never been accessible to third parties.
trippy 's
primary storage is kept on a dual-ported disk array. Mount this array
on
trusty read-only. Perform
all Tripwire-related operations on
trusty : initializing the database,
running integrity checks, and so forth. The Tripwire database,
binaries, keys, policy, and configuration are likewise kept on
trusty . Since
trusty is inaccessible via any network,
your Tripwire checks will be as reliable as the physical security of
trusty .
