On Jul 10, 2007, at 1:13 PM, Sven Hoexter wrote:
To be honest, I think the value of these tools as they're usually applied* is quite dubious. A hacker with enough access to install a rootkit could also trojan tripwire or aide so that it doesn't report the security breach. As such I think you can get a false sense of security. The same criticism applies to rkhunter and chkrootkit, of course.

* The exception is if tripwire or aide is used after booting from a read-only medium (such as a live CD) and uses checksums that are also retrieved from read-only media. But few people do it this way because it's a lot of work to maintain and requires taking the machine down to do a check.

David Brodbeck
Information Technology Specialist 3
Computational Linguistics
University of Washington