[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Things I Don't Understand About Debian

On Fri, Feb 25, 2011 at 3:13 PM, Andrei Popescu <andreimpopescu@gmail.com> wrote:
On Vi, 25 feb 11, 12:42:51, Sjoerd Hardeman wrote:
> The fact that a compromised user account = a compromised machine is
> of course very true. However, when detected it might be that the
> attacker did not manage yet to get root permissions. Thus, it buys
> some time.

But there is no 100% way to tell the machine is clean, so you will have
to wipe and reinstall anyway.

tripwire? setup logrotate to log to another computer?
there are other options than tripwire and logrotate, but those are the general theories that will let you know.

Reply to: