Re: Rooted

From: erik (erik@geenspam.vanwesten.net)
Date: 04/20/03


From: erik <erik@geenspam.vanwesten.net>
Date: Sun, 20 Apr 2003 21:17:35 +0200

Bit Twister wrote:

> On Sun, 20 Apr 2003 20:19:52 +0200, erik wrote:
>>
>> That's why things like were invented.
>
> I am sorry, I cannot understand what the hell you are trying to say.

tripwire, aide. Sorry.

>
>
>> Keeping a separate install mirror
>> is not helping you in any way since it does not show you how the
>> cracker came to his installation.
>
> I never indicated that it would. The only thing it is good for
> is to be able to see what was changed and what was added and
> prove that the box has not been cracked.

And for that you do not need more than tripwire or aide. Even an md5sum
could do.

EJ

-- 
Remove the obvious part (including the dot) for my email address
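
As an added example (not part of the original post): a small md5sum baseline of the kind mentioned above, which reports changed, added and removed files by comparing two manifests. The function names, the manifest layout and the scratch directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: an md5sum baseline that reports changed, added and removed files.
# Function names and manifest layout are assumptions, not from the original post.

# make_manifest DIR: print "hash  ./path" for every regular file, sorted by path.
make_manifest() {
    ( cd "$1" && find . -type f -exec md5sum {} + | sort -k 2 )
}

# compare_manifests OLD NEW: print one CHANGED/ADDED/REMOVED line per difference.
# OLD and NEW must be two different files.
compare_manifests() {
    awk '
        { hash = $1; path = substr($0, length($1) + 3) }   # keeps spaces in paths
        FILENAME == ARGV[1] { old[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in old))          print "ADDED   " path
            else if (old[path] != hash)  print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# demo: constructed scratch tree, baselined, altered, then compared.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root/bin" "$d/root/etc"
    echo 'original ls' > "$d/root/bin/ls"
    echo 'root:x:0:0' > "$d/root/etc/passwd"
    echo 'nameserver 192.0.2.1' > "$d/root/etc/resolv.conf"
    make_manifest "$d/root" > "$d/baseline.md5"

    echo 'modified ls' > "$d/root/bin/ls"       # content changed
    echo 'new file' > "$d/root/bin/newfile"     # file added
    rm "$d/root/etc/resolv.conf"                # file removed
    make_manifest "$d/root" > "$d/current.md5"

    compare_manifests "$d/baseline.md5" "$d/current.md5"
    rm -rf "$d"
}

demo
```

The result is only as trustworthy as the stored baseline and the md5sum binary used to check it, so keep the manifest on read-only or off-host media.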

