[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 sums of individual files?

> That is something that I hadn't considered.  The cracker could potentially
> unmount /var/lib/aide/ro (where I have the floppy containing the AIDE
> checksums mounted) and place in that directory a newly-generated list of
> checksums, which AIDE would read the next time it runs.  When I got the
> report in my inbox, it would look like everything is fine.  IMHO,
> a hole that's there regardless of whether I use a RO floppy or a CD-R.

Sometimes old fashioned solutions are the best. Print your log files on an
old Dot-Matrix Printer. Costs very little, attacker can't screw with them
after breaking in, and you can read them in the bath :)


Reply to: