List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Tue, Feb 10, 2004 at 01:51:51AM +0100, Christian Schwede wrote:
> Right. But this still isn't that useful - for watching binary files it's
> ok, but you wouldn't recognize changes to config files etc.
I am using a homegrown script that mails all sorts of important
snapshots to another server. MD5's of executables, list of setuids,
config files, etc. Some every hour, some every night.
The receiving server compares all these mails to their previous
versions, and alerts me to any differences.
After some tuning and tweaking, there are still several false alarms
every day, but I have learned to read them and discard most of them as
I think it is important that the "correct" values are on a different
machine, so that they should be safe under eventual attack. Of course I
see that a qualified attacker could modify the mail script to always
send the same "correct" mails, but then I would nt get any false
alarms... He can't know how much differences I expect.
I am not sharing the scripts, as they are easy to write, and need to be
customized to every installation. But the idea is hereby given freely
for anyone to use.
Heikki Levanto LSD - Levanto Software Development <heikki@...>
firstname.lastname@example.org mailing list