On Tue, 2008-08-26 at 23:10 +0100, Adam Hardy wrote: > All the hacker needs to do, before rooting the system, is to run my cronjobs and > save the output, and then change the cronjobs to email me these 'all clear' > reports instead. The reports don't even have dates or times that require > updating. I have been known to let my server run for weeks without logging on. One way to get around this problem is to have mails to root sent to an email account you have off-site. Since rkhunter's output isn't sitting in a local mail spool, an intruder trying to hide his footsteps would have to compromise a second system to get at your email to stop you from receiving it's output. -- Paul Johnson baloo@ursine.ca
Attachment:
signature.asc
Description: This is a digitally signed message part