Am 22. Feb, 2001 schwäzte Kevin Buettner so:

> Can someone give me a brief primer on how tripwire is implemented?  I
> read somewhere recently that it uses a kernel module on linux and
> basically watches for open() calls (where write access is requested)
> on specific system files.  Is this right or not?

That would be oh so much cooler :).

I've never run it, but the description is that it builds a profile of the
things you want watched, then goes out on a regular basis to make sure
they haven't changed.

Better is still to run off a ro medium. Anyone know the project that was
doing that? I will be needing that soon.

ciao,

der.hans
-- 
#  der.hans@LuftHans.com   home.pages.de/~lufthans/   www.YourCompanyHere.net ;-)
#  A Polish friend of mine got an offer for a free account from AOL. The
#  login ID was "HELLO" and the passwd "CYMBAL". She says "cymbal" is
#  Polish for "sucker". "Hello sucker" a greeting from AOHell :).