Re: MD5 sums of individual files?
On Thu, Mar 29, 2001 at 01:04:47PM -0600, Kenneth Pronovici wrote:
> I see two ways to get around this: one solution is for me to GPG-sign the AIDE
> checksum list when I create it. Then I could check the signature in my script
> that runs AIDE, and I would know that it was me who created it. This would be
> more like what Tripwire's latest release does.
If they root your box, they could mess with your gpg keyring and/or binary.
They could just spew out fake emails that say the thing was checked, and
even spin the floppy disk in case you were watching to make sure it was
doing a "real" check.
You can't use a possibly-cracked machine to check itself, unless you are
checking for break-ins on non-root accounts. (e.g. web page defacement if
they got in through httpd.)
#define X(x,y) x##y
Peter Cordes ; e-mail: X(firstname.lastname@example.org. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
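Added example, not part of the original thread or of AIDE: a verifier for an md5sum-style checksum list that is meant to be run from a trusted host against the suspect filesystem mounted read-only under some root (a rescue boot or a disk image), which is the only way around the objection above. GPG is stood in for by an HMAC-SHA256 tag so the script runs offline; with real tooling the tag would be a detached gpg signature checked with the trusted host's own gpg and keyring, never the suspect's. The key, the sample file tree and the tamper scenario are all constructed for the example.

```python
"""Check a signed checksum manifest against a filesystem tree from a trusted host.

Assumptions (added example, not original code):
- Manifest lines are in md5sum(1) format: "<hex digest>  <relative path>".
- The detached signature is modelled as HMAC-SHA256 with a key that lives only
  on the trusted host; substitute a gpg detached signature in practice.
- `root` is the suspect filesystem mounted read-only, so none of its binaries
  or keyrings are executed or trusted while checking.
"""
import hashlib
import hmac
import os
import tempfile


def hash_file(path, algo="md5"):
    """Hash a file in chunks; algo is any hashlib name (md5 matches the thread)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algo="md5"):
    """Produce sorted md5sum-style lines for every regular file under root."""
    lines = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            lines.append(f"{hash_file(full, algo)}  {os.path.relpath(full, root)}")
    return "\n".join(sorted(lines)) + "\n"


def sign_manifest(manifest, key):
    """Stand-in for 'gpg --detach-sign': HMAC-SHA256 over the manifest text."""
    return hmac.new(key, manifest.encode(), hashlib.sha256).hexdigest()


def verify_manifest(manifest, tag, key):
    """Constant-time comparison of the detached tag."""
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


def check_tree(root, manifest, tag, key, algo="md5"):
    """Return (signature_ok, problems).

    problems holds 'modified: p', 'missing: p' and 'unlisted: p' entries.
    If the signature fails, no per-file verdicts are given: an attacker who
    can rewrite the manifest can make every file look untouched.
    """
    if not verify_manifest(manifest, tag, key):
        return False, ["manifest signature invalid"]
    expected = {}
    for line in manifest.splitlines():
        if line.strip():
            digest, rel = line.split("  ", 1)
            expected[rel] = digest
    problems, seen = [], set()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            seen.add(rel)
            if rel not in expected:
                problems.append(f"unlisted: {rel}")
            elif hash_file(full, algo) != expected[rel]:
                problems.append(f"modified: {rel}")
    problems.extend(f"missing: {rel}" for rel in expected if rel not in seen)
    return True, sorted(problems)


def demo():
    """Constructed scenario: clean baseline, then a trojaned binary, then a forged manifest."""
    key = b"kept-on-the-trusted-host-only"  # constructed; never stored on the suspect box
    with tempfile.TemporaryDirectory() as root:
        for rel, data in (("bin/ls", b"ELF original ls"), ("etc/passwd", b"root:x:0:0")):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        manifest = build_manifest(root)
        tag = sign_manifest(manifest, key)
        clean = check_tree(root, manifest, tag, key)
        # Intruder swaps ls and drops a new file, but cannot forge the tag.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"ELF trojaned ls")
        with open(os.path.join(root, "bin", "sshd.bak"), "wb") as f:
            f.write(b"backdoor")
        tampered = check_tree(root, manifest, tag, key)
        # Intruder also regenerates the manifest to match: the old tag no longer verifies.
        forged = check_tree(root, build_manifest(root), tag, key)
    return clean, tampered, forged


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged"), demo()):
        print(label, result)
```

The signature check happens before any file is hashed and the per-file results are withheld when it fails; that ordering matters because the manifest is exactly what an intruder with root would edit first. The stand-in still shares the weakness the reply describes if you run it on the compromised host, since a rooted machine can lie about running it at all; the point is that the key, the verifier and the hashing all live on a machine the intruder never touched.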