Quoting "Shawn M. Jones" smj@littleprojects.org:
I really don't have any answers to your questions concerning prelinking, but have you considered alternatives to tripwire, such as:
- AIDE
- Samhain
- Osiris
to name a few.
Last time I tried, these all worked with the latest *NIX, prelinking or no.
Last time I checked AIDE, it was real pain to configure (real mess), and I was never able to get it to check things I want it to check, and ignore others.
I'm looking at Samhain for last week or two, and it looks usable. I'll be giving it a try, probably. However, Samhain is calling "prelink --verify" for each binary to be able to compute/check hash. Which gives big performance degradation. Well, better than nothing, I guess.
I haven't got to Osiris yet...
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.