Re: /bin/login listening?
On Sun, Jul 29, 2007 at 12:44:56PM -0700, Jeff D wrote:
> On that note, one thing that you might want to consider as part of the
> hardening process is to install aide or some other file integrity checker.
> Using something like that greatly helps in detecting and identifying issues
> such as this.
I use samhain. However, since a compromised system can't reliably check
for an intrusion, I use it as a check agains JFS. Since JFS doesn't
journal data (just meta-data), it is possible that after a power
failure, a file may be missing. Samhain would detect this.
For security, you should have the samhain on a live-CD or something with
the checksums stored on a CD or USB stick.
Doug.
Reply to: