RE: BPF on in 3.3-RC GENERIC kernel
Michael Grommet (mgrommet isiar.net)
Fri, 17 Sep 1999 08:29:15 -0500
- In reply to: Evren Yurtesen: "Re: Securing a system that's been rooted remotely"
Just to add my 2 cents worth, I've always been able to store the tripwire
database on a floppy, physically write protected :)
I suppose if you had lots and lots of files for tripwire to keep track of,
this wouldn't work, but hey, even if someone is more advanced than your
average script kiddie, they still won't be able to overwrite the info.
-----Original Message-----
From: owner-freebsd-security FreeBSD.ORG
[mailto:owner-freebsd-security FreeBSD.ORG] On Behalf Of Harry M. Leitzell
Sent: Thursday, September 16, 1999 8:28 PM
To: Brett Glass
Cc: Liam Slusser; Kenny Drobnack; security FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel
No offense, but tripwire is really a bit overrated except if the
person is a script child and hasn't a clue as to what to do. If tripwire
hasn't been set up with the db set on a readonly disk partition and you
gain root, you can set up a KLM to change the db on the fly.
On Thu, 16 Sep 1999, Brett Glass wrote:
> At 04:14 PM 9/16/99 -0700, Liam Slusser wrote:
>
> >Right...but if the system was hacked what would stop the hacker from
> >building BPF in a kernel?
>
> securelevel=2 or securelevel=3.
>
> Or Tripwire.
>
> --Brett
>
>
>
[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]
Harry M. Leitzell - Harry_M_Leitzell cmu.edu
Carnegie Mellon University
Finger for PGP Public Key
[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]
To Unsubscribe: send mail to majordomo FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
This archive was generated by hypermail 2.0b3 on Fri Sep 17 1999 - 08:30:34 CDT