[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: port 6051: hacked?

anyway, the best place is not /tmp but /var/log/whatever_far_away_in_the_hierarchy
, change too much with log to keep tripwire to check, mounted as standard partition
on most of the systems ...

On Sun, Sep 08, 2002 at 02:15:25AM +0200, martin f krafft wrote:
> also sprach Phillip Hofmeister <plhofmei@zionlth.org> [2002.09.07.2008 +0200]:
> > If they create a file in a directory watched by tripwire (fools) they will
> > change the inode (date) on that directory and tripwire will flag it.  Granted
> > they could make a file in /tmp (which most sane people with tripwire don't
> > watch).
> which is why /tmp is mounted with noexec, just like /home
> -- 
> martin;              (greetings from the heart of the sun.)
>   \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
> the city of palo alto, in its official description of parking lot
> standards, specifies the grade of wheelchair access ramps in terms of
> centimeters of rise per foot of run.  a compromise, i imagine...


-> Jean-Francois Dive
--> jef@linuxbe.org

  There is no such thing as randomness.  Only order of infinite
  complexity.  - _The Holographic Universe_, Michael Talbot

Attachment: pgpJdBtZzVNzc.pgp
Description: PGP signature

Reply to: