Re: MD5 sums of individual files?
> That is something that I hadn't considered. The cracker could potentially
> unmount /var/lib/aide/ro (where I have the floppy containing the AIDE
> checksums mounted) and place in that directory a newly-generated list of
> checksums, which AIDE would read the next time it runs. When I got the
> report in my inbox, it would look like everything is fine. IMHO,
> a hole that's there regardless of whether I use a RO floppy or a CD-R.

Sometimes old-fashioned solutions are the best. Print your log files on an
old Dot-Matrix Printer. Costs very little, attacker can't screw with them
after breaking in, and you can read them in the bath :)