any interest in tripwire commercial?
Eirik Øverby
ltning at anduin.net
Mon Dec 13 09:47:24 UTC 2010
On Dec 11, 2010, at 17:03, Michael Scheidell wrote:
>> Probably.
>>
>>> > does everyone put 32 bit compatibility libraries in their amd64 builds?
>>> > ______
>> Never, unless running cosed source software. It seems to triple your
>> attack surface area.
>>
> than the answer is "no' you would not want an i386 version since you need to put 32bit compatibility in if this is all tripwire supports.
> Sometimes, its easier to get a vendor to release compiled binaries if you tell them you can support:
> 7.1 - 8.x, i386/amd, with a single i386/32 bit binary.
>
> to tell them the need to maintain 8 versions is harder.
>
> doesn't really too much matter, It looks like only you and me are interested. with that huge response, I guess its never going to happen.
It really depends what the final product would cost, if it would be supported and maintained on 64-bit 8.x, with future commitment to support 9.x. It also depends what added value this package would had compared to 'portmaster security/tripwire' or similar.
In any case we would be interested if this would provide significant and real (security/manageability) advantages compared to our current "freebsd-update IDS" model (no, not only freebsd-update IDS, but some added magic to make it a bit more resilient and reliable).
PCI DSS and other security standards specifically mention tripwire so it would make life easier if we could tick the box saying 'yes we use tripwire'.
/Eirik
More information about the freebsd-security
mailing list