Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Running untrusted software
Date: Wed, 18 Jan 2006 15:49:37
In Reply to: RE: [gentoo-security] Running untrusted software by "Johnson

On Wednesday, 18 January 2006 16:24, Johnson, Maurice E CTR wrote to me:
> A good host based IDS (file integrity monitoring system) would
> record any system level changes made.

No such IDS records any changes in *file systems* if the running software has no access to root privileges. That is an important difference.

> It should be fairly trivial to
> start off with a sterile environment prior to running your CSA and
> inspecting the environment afterwards.
>
> Try Tripwire or AID.

This is not a good idea because this IDS cannot monitor all system activities. The only reliable way to monitor all activities is to run this software in a sandbox.

Best Regards
Oli
-- 
gentoo-security@g.o mailing list