1 |
Hi, |
2 |
|
3 |
Am So, den 04.04.2004 schrieb Holger Kettler um 14:40: |
4 |
> -----BEGIN PGP SIGNED MESSAGE----- |
5 |
> Hash: SHA1 |
6 |
> |
7 |
> Absender Tobias Weisserth: |
8 |
> > That's why I install and set up Tripwire right after I did a perfectly |
9 |
> > good installation. I don't know of any way an intruder could sneak |
10 |
> > around a good Tripwire setup. It's on all my machines first thing after |
11 |
> |
12 |
> Seriously, there *IS* at least one root-kit specially designed to fool |
13 |
> tripwire. |
14 |
|
15 |
That's why I wrote a *good* Tripwire setup :-) |
16 |
|
17 |
How should a root kit fool my Tripwire setup if the necessary binaries |
18 |
and the database are on a mounted CD? :-) This is *extremely* unlikely |
19 |
and probably demands a *very* difficult attack approach. |
20 |
|
21 |
I'm doing the same with chkrootkit. Write protected media can't be |
22 |
fooled :-) |
23 |
|
24 |
regards, |
25 |
Tobias |
26 |
|
27 |
|
28 |
-- |
29 |
gentoo-security@g.o mailing list |