Hosting Provided By

Re: /bin/login listening?

From: Douglas Allan Tutty <dtutty(at)porchlight.ca>
Date: Sun Jul 29 2007 - 16:18:11 EDT

On Sun, Jul 29, 2007 at 12:44:56PM -0700, Jeff D wrote:
> On that note, one thing that you might want to consider as part of the
> hardening process is to install aide or some other file integrity checker.
> Using something like that greatly helps in detecting and identifying issues
> such as this.

I use samhain. However, since a compromised system can't reliably check for an intrusion, I use it as a check agains JFS. Since JFS doesn't journal data (just meta-data), it is possible that after a power failure, a file may be missing. Samhain would detect this.

For security, you should have the samhain on a live-CD or something with the checksums stored on a CD or USB stick.

Doug.

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Sun Jul 29 16:18:45 2007

This message: [ Message body ]
Next message: Douglas Allan Tutty: "Re: curses-interface ftp client with resume?"
Previous message: Douglas Allan Tutty: "Re: dumb question about Adobe Acrobat...."
In reply to: Jeff D: "Re: /bin/login listening?"
Next in thread: John Hasler: "Re: /bin/login listening?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 18:30:10 EDT