Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Oliver Schad <o.schad@...>
Subject: Re: Running untrusted software
Date: Wed, 18 Jan 2006 16:36:26 +0100
Am Mittwoch, 18. Januar 2006 16:24 schrieb mir Johnson, Maurice E CTR 
NSWCDL-K74:
> A good host based IDS  (file integrity monitoring system) would
> record any system level changes made. 

No such IDS records any changes in *file systems* if the running 
software has no access to root privileges. That is a important 
difference.

> IT should be fairly trivial to 
> start of with a sterile environment prior to running your CSA and
> inspecting the environment afterwards.
>
> Try Tripwire or AID.

This is not a good idea because this IDS cannot monitor all system 
activities. The only reliable way to monitor all activities is to run 
this software in a sandbox.

Best Regards
Oli
-- 
gentoo-security@g.o mailing list


References:
RE: Running untrusted software
-- Johnson, Maurice E CTR NSWCDL-K74
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
RE: Running untrusted software
Next by thread:
invalid section : "db"
Previous by date:
Re: Running untrusted software
Next by date:
Re: Running untrusted software


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.