Re: /lib/security/.config
From: Walter Dnes (waltdnes@waltdnes.org)Date: 03/14/02
- Next message: name goes here: "Re: why so many "potential buffer overflow" alerts?"
- Previous message: Craig Zeller: "Re: U.S. export laws on SSH/SSL?"
- In reply to: Peter Eddy: "Re: /lib/security/.config"
- Next in thread: Mike Ingle: "Re: /lib/security/.config"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Walter Dnes <waltdnes@waltdnes.org> Date: Thu, 14 Mar 2002 00:28:47 GMT
On Tue, 12 Mar 2002 14:56:17 -0500, Peter Eddy, <petere@atg.com> wrote:
> RPM (if you're using RedHat) and find are your friends. Tell find to
> look for files and directores created on the same day as the break in,
> which will be the same day as the one the files you have found are
> dated.
And you assume that rootkit writers don't know this ? Given that
they can trojan just about any file, what's to prevent them trojaning
"rpm" and "find" ?
-- Walter Dnes <waltdnes@waltdnes.org> If you had purchased $1000 of @home stock in 1999, today you would have $1.30. If you had purchased $1000 of beer in 1999, today you would still have $59 in empty cans.
- Next message: name goes here: "Re: why so many "potential buffer overflow" alerts?"
- Previous message: Craig Zeller: "Re: U.S. export laws on SSH/SSL?"
- In reply to: Peter Eddy: "Re: /lib/security/.config"
- Next in thread: Mike Ingle: "Re: /lib/security/.config"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
