
[ossec-list] Re: Integrity Checks and Diffs?



Marty E. Hillman wrote:
> That brings up a good idea for future enhancement: the ability to gpg
> encrypt email so that information is not clear text.  An attacker with
> access to the internal network could theoretically poison the arp cache
> and intercept packets corresponding to any such reporting email at
> present.  The log would remain intact, but the alert could be prevented.

Wouldn't this require the OSSEC daemon to have access to a passwordless
gpg private key to encrypt the message?  I guess you could argue that if
someone breaks into your OSSEC management host you have bigger things to
worry about than a compromised passwordless gpg key.

-- 
-dave

