Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Install and tweak the Checkmate tripwire' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Install and tweak the Checkmate tripwire
Authored by: kissedsmiley on Apr 12, '05 01:54:20PM

hi purple!
I'd definitely like to have something like tripwire so thanks for starting this hint. I don't trust your reference to http://members.lycos.co.uk/hardapple/ however, because I (dumbo I suppose) found this on their site:

<li>security guides, presentations & tutorials: Angelo Laub's slides from his presentation "Mac OS X Insecurity" at the 21C3 congress.
Also his paper entitled Mac OS X Insecurity is available.</li>
The two links referred two are not what they should be! The 2nd says https://21c3.annulator.de/OSXInsecurity.pdf which is nearly the correct URL... but contains "s"; ie the https is not valid, got me to 100% cpu usage and caused me a bunch of time to check if my mac is ok. The correct paper fyi is at http: of the same or http://www.ccc.de/congress/2004/fahrplan/event/218.de.html .


On these travels, I discovered another tripwire-like thing, http://www.macos.utah.edu/Documentation/macosx/security/fcheck.html
FCheck, which has nice hints on what files normally change. The intro says;

<li>I wrote this document in 2002 for Mac OS X 10.1. I never posted it because I decided to use http://www.Radmind.org instead of FCheck. Well, I had this finished document that still was good (written for FCheck 2.07.59, which is still the current version as of May 2003), so I decided to throw it up here. I updated part of the exclusion list below for Mac OS X 10.2, but I haven't tested it.
What is FCheck?
FCheck notices changes on the hard disk and notifies you of unauthorized changes. FCheck does this by taking periodic "baseline" snapshots and comparing them. This is also called a tripwire. For more information, see the FCheck homepage.
</li>



[ Reply to This | # ]