RE: MD5 sums of individual files?
Ok with that said, how feasable is it for a cracker to install their
rootkit, and mimic the checksummed files to match the contents of the
floppy? Wouldn't he/she just have to unmount the exising floppy drive,
remount it to his/her pseudo check sums?
I'm probably missing the howto detail where the alert is generated before
rootkit is installed.
> Yes, sorry, I wasn't clear about that. The floppy is mounted RO, plus
> the disk's tab is moved to the RO position. I agree... I
> wouldn't feel
> comfortable or safe if the floppy was just mounted RO.
>> Another way to do this is to install the AIDE package, that performs an
>> to certain files that you specify in the configuratio by the way tripwire
>> it... It's so easy to install and send you an e-mail notifying the daily