[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 sums of individual files?

>  If they root your box, they could mess with your gpg keyring and/or binary.
> They could just spew out fake emails that say the thing was checked, and
> even spin the floppy disk in case you were watching to make sure it was
> doing a "real" check.

OK, I give up.  ;-)  

>  You can't use a possibly-cracked machine to check itself, unless you are
> checking for breakins on non-root accounts.  (e.g. web page defacement if
> they got in through httpd.)

Agreed... or if only one machine is available, we're back to periodically 
booting from a safe, known, bootable CD-R with a kernel, a copy of the 
checksums and all of required binaries on it (which is fine unless someone 
broke into my house and replaced the CD-R ;-)).  

I guess I'll stick with what I have (i.e. the RO floppy) and hope that the 
script kiddie isn't thinking that far ahead (the last one that got through
onto a previous RedHat box of mine wasn't, fortunately).


Kenneth J. Pronovici <pronovic@ieee.org>
Personal Homepage: http://www.skyjammer.com/~pronovic/
"The phrase, 'Happy as a clam' has never really held much meaning for me."

Reply to: