On Tue, Dec 02, 2003 at 02:01:23PM +0100, Bernhard R. Link wrote:
> > A true IDS is needed, such as aide, tripwire, or cfengine to detect
> > post-installation intrusion. Tie in aide or tripwire database
> > checks/updates with the apt.conf "PostInst" option in addition to a
> > daily cronjon to ensure the database is updated in a timely manner.
>
> I think this is even more stupid than using *.md5sums. When they are
> daily generated, you have no chance at all to be sure they are not
> modified.
I'm not following your logic, if that's what you call it. You're saying
that checking the current filesystem on a daily basis is NOT a good way
to verify filesystem integrity?
Update your system when you introduce a known change (a must). Check it
daily (a must). What is incorrect about this policy?
--
Chad Walstrom <chewie@wookimus.net> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */
Attachment:
pgpndxa9xt3_1.pgp
Description: PGP signature