|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: possible compromise or just misreading logs
From: Jan Grant (Jan.Grant
bristol.ac.uk)
Date: Mon Dec 08 2003 - 04:50:02 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sun, 7 Dec 2003, Roger Marquis wrote:
> No production environment should be without Tripwire (1.3 is my
> favorite version). With the right wrapper script
> <http://www.roble.com/docs/twcheck> and off-line backups it's
> impossible to compromise a system without being detected.
Unless there's another step you're not mentioning (eg, rebooting to an
OS installed on a physically write-protected device, or remounting your
drive on another machine with a trusted OS) "impossible" is probably too
strong a term here.
There's an implicit trust in using a system to integrity-hceck itself.
--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
We thought time travel was impossible. But that was now and this is then.
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]