[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Tripwire




On Thu, 23 Sep 2004, David Baron wrote:

> RIght now, I have /var and /proc excluded because of their volativity. I 
> assume there are specific items/directories in these which SHOULD be 
> monitored. Can anyone tell me which ones?

every directory should be monitored ... no exceptions 

because  things change in /tmp and /var ...
	- that is precisely why the script kiddies uses scripts that
	put(hide) their trojans in those directories since its constantly
	changing

- best monitor would be:
	- do a good/better job of hardening your servers .. instead of
	depending on tools that may work in some instances and fails in
	other cases ( at least better job of protecting it than the script
	kiddies attacking your boxes )

	- the attacker will exploit your weakest point in the server
	( directories yu probably will not be watching due to its clutter )

c ya
alvin
 



Reply to: