[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian audititing tool?

On 00-12-21 Colin Phipps wrote:
> On Thu, Dec 21, 2000 at 04:09:07PM +0100, Christian Kurz wrote:
> > [ Would you please stop those Ccs to me?]

> If you don't want CC's then fix your mail headers:

> Mail-Followup-To: Christian Kurz <shorty@debian.org>, debian-security@lists.debian.org

They are, as they contain:

|Mail-Copies-To: never

which means that I don't want a Mail Copy of an answer.

> > On 00-12-21 Colin Phipps wrote:

> > > > No, I tried to explain why it also won't work for the
> > > > "less-careful" intruders, as they will use tools to hide their
> > > > changes.
> > 
> > > Some intruders will be careless or ignorant and it'll catch them.
> > > Others will be smart and it won't. Assuming at least some hackers
> > > are careless it's still worthwhile, in the absence of a perfect
> > > solution.
> > 
> > Well and the one that you won't catch to much more damage to your
> > system and create a higher risk then the one you catch. 

> Agreed, if someone gets root on your system there's no way you can 
> guarantee detecting it. But you can try. Whether md5sums is worthwhile 
> I don't know, I guess you'd have to look for some statistics on 
> rootkits and such...

Yes, such a statistic would be helpful as I think that only a small part
of the rootkits are really know and every other rootkit is not know and
only available in the underground.

> > > No, you just sign all the packages on master.debian.org with this
> > > official key, and then mirror both the files and their signatures
> > > (as kernel.org do).
> > 
> > And who will create this key? Who will have the passphrase? Who will
> > sign the packages?

> Someone on master.debian.org, presumably the ftp admins.

And so you trust this admins? Just asking because some people here have
a lot of paranoia.

          Debian Developer and Quality Assurance Team Member
    1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853

Attachment: pgp8FsCKzB6xI.pgp
Description: PGP signature

Reply to: