Re: /bin/login listening?

To: debian-user@lists.debian.org
Subject: Re: /bin/login listening?
From: Douglas Allan Tutty <dtutty@porchlight.ca>
Date: Sun, 29 Jul 2007 16:18:11 -0400
Message-id: <[🔎] 20070729201811.GC13312@titan>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.62.0707291204020.12185@proto.technobounce.com>
References: <[🔎] Pine.LNX.4.62.0707282241270.12185@proto.technobounce.com> <[🔎] slrnfap6jn.kqu.tyler.smith@blackbart.mynetwork> <[🔎] 20070729132127.GC6292@titan> <[🔎] slrnfapa2p.lgv.tyler.smith@blackbart.mynetwork> <[🔎] 20070729102339.5b52d252.celejar@gmail.com> <[🔎] slrnfaphjv.m57.tyler.smith@blackbart.mynetwork> <[🔎] 20070729163503.GA9535@titan> <[🔎] 46ACC2E5.2090708@noctus.net> <[🔎] slrnfapqg7.42b.tyler.smith@blackbart.mynetwork> <[🔎] Pine.LNX.4.62.0707291204020.12185@proto.technobounce.com>

On Sun, Jul 29, 2007 at 12:44:56PM -0700, Jeff D wrote:
> On that note, one thing that you might want to consider as part of the 
> hardening process is to install aide or some other file integrity checker.
> Using something like that greatly helps in detecting and identifying issues 
> such as this.

I use samhain.  However, since a compromised system can't reliably check
for an intrusion, I use it as a check agains JFS.  Since JFS doesn't
journal data (just meta-data), it is possible that after a power
failure, a file may be missing.  Samhain would detect this.

For security, you should have the samhain on a live-CD or something with
the checksums stored on a CD or USB stick.

Doug.

Reply to:

References:
- Re: /bin/login listening?
  - From: Jeff D <fixedored@gmail.com>
- Re: /bin/login listening?
  - From: Tyler Smith <tyler.smith@mail.mcgill.ca>
- Re: /bin/login listening?
  - From: Douglas Allan Tutty <dtutty@porchlight.ca>
- Re: /bin/login listening?
  - From: Tyler Smith <tyler.smith@mail.mcgill.ca>
- Re: /bin/login listening?
  - From: Celejar <celejar@gmail.com>
- Re: /bin/login listening?
  - From: Tyler Smith <tyler.smith@mail.mcgill.ca>
- Re: /bin/login listening?
  - From: Douglas Allan Tutty <dtutty@porchlight.ca>
- Re: /bin/login listening?
  - From: Mathias Brodala <info@noctus.net>
- Re: /bin/login listening?
  - From: Tyler Smith <tyler.smith@mail.mcgill.ca>
- Re: /bin/login listening?
  - From: Jeff D <fixedored@gmail.com>

Prev by Date: Re: dumb question about Adobe Acrobat....
Next by Date: Re: curses-interface ftp client with resume?
Previous by thread: Re: /bin/login listening?
Next by thread: Re: /bin/login listening?
Index(es):
- Date
- Thread