I have been reminded of an oversight and thought of another.

Oversight (props to foo): I didn't mention anything about keeping the box off the air before it is locked down. Even if subsequent reconfiguration is required, it is preferable to have all the networking components installed so that you can get the data on them that you need for system integrity checks. It never hurts to have notes on what changes on both your standard system configuration files and your firewall configuration files when the interface addresses are changed. My preference would be to do the initial configuration and validation on an isolated network and then move the box onto the production network once it's gained my confidence.

Addition: I would probably also want to review the Titan logs, make appropriate configuration changes to the Titan shell scripts themselves, run Titan again, and perhaps back up Tripwire with periodic verification runs of Titan. At the very least Titan should be moved to the read-only media (the Tripwire CD-ROM you've burned will do nicely), with the logs located elsewhere so that it can be re-used later with confidence in its integrity. Particularly given the flexibility of Titan, it doesn't hurt to tweak it so that you get the final results you want from it.

-Bayard
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:59 PDT