RE: Tripwire

To: David Baron <d_baron@012.net.il>
Cc: debian-user@lists.debian.org
Subject: RE: Tripwire
From: Alvin Oga <aoga@ns.Linux-Consulting.com>
Date: Thu, 23 Sep 2004 01:47:45 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1040923014350.21060A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 200409230938.00612.d_baron@012.net.il>


On Thu, 23 Sep 2004, David Baron wrote:

> RIght now, I have /var and /proc excluded because of their volativity. I 
> assume there are specific items/directories in these which SHOULD be 
> monitored. Can anyone tell me which ones?

every directory should be monitored ... no exceptions 

because  things change in /tmp and /var ...
	- that is precisely why the script kiddies uses scripts that
	put(hide) their trojans in those directories since its constantly
	changing

- best monitor would be:
	- do a good/better job of hardening your servers .. instead of
	depending on tools that may work in some instances and fails in
	other cases ( at least better job of protecting it than the script
	kiddies attacking your boxes )

	- the attacker will exploit your weakest point in the server
	( directories yu probably will not be watching due to its clutter )

c ya
alvin

Reply to:

References:
- RE: Tripwire
  - From: David Baron <d_baron@012.net.il>

Prev by Date: Re: Help: Embedded Debian
Next by Date: Re: Need help with VPN connection
Previous by thread: RE: Tripwire
Next by thread: RE: Tripwire
Index(es):
- Date
- Thread