Re: Things I Don't Understand About Debian
On Fri, Feb 25, 2011 at 3:13 PM, Andrei Popescu <email@example.com>
On Vi, 25 feb 11, 12:42:51, Sjoerd Hardeman wrote:But there is no 100% way to tell the machine is clean, so you will have
> The fact that a compromised user account = a compromised machine is
> of course very true. However, when detected it might be that the
> attacker did not manage yet to get root permissions. Thus, it buys
> some time.
to wipe and reinstall anyway.
tripwire? setup logrotate to log to another computer?
there are other options than tripwire and logrotate, but those are the general theories that will let you know.