Re: possible compromise or just misreading logs

From: Jan Grant (Jan.Grant_at_bristol.ac.uk)
Date: 12/08/03

  • Next message: Jez Hancock: "Re: possible compromise or just misreading logs"
    Date: Mon, 8 Dec 2003 10:50:02 +0000 (GMT)
    To: Roger Marquis <marquis@roble.com>
    
    

    On Sun, 7 Dec 2003, Roger Marquis wrote:

    > No production environment should be without Tripwire (1.3 is my
    > favorite version). With the right wrapper script
    > <http://www.roble.com/docs/twcheck> and off-line backups it's
    > impossible to compromise a system without being detected.

    Unless there's another step you're not mentioning (eg, rebooting to an
    OS installed on a physically write-protected device, or remounting your
    drive on another machine with a trusted OS) "impossible" is probably too
    strong a term here.

    There's an implicit trust in using a system to integrity-hceck itself.

    -- 
    jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
    Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
    We thought time travel was impossible. But that was now and this is then.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Jez Hancock: "Re: possible compromise or just misreading logs"