[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Common security checks for a base installation - packages reviewed.



On Mon, Dec 30, 2002 at 09:52:36PM +0100, Russell Coker wrote:
> On Mon, 30 Dec 2002 21:02, Steve Kemp wrote:
> >   If you scan the filesystem once looking for, say permissions, and then
> >  later scan to, say, test MD5 sums the first file you examine could have
> >  been modified just after you test it - at which point you won't find out
> >  until the next invocation.
> >
> >   The advantage of having a lightweight scan, though, is that the scan
> >  could happen hourly without putting the system under undue load.
> 
> Is there any real point to such a scan?
[snip]

	Yes there is. Security is not only about defending against hostile
intruders. It's also about being able to fix what you have done to yourself
as an administrator. Sample: 

# chmod -R o-rwx .
# pwd
/
# DAMN!
bash: DAMN!: command not found

	:-)

	Regards

	Javi

Attachment: pgp0nrKQRP4TO.pgp
Description: PGP signature


Reply to: