* Chad Walstrom <[EMAIL PROTECTED]> [031202 18:14]: > I'm not following your logic, if that's what you call it. You're saying > that checking the current filesystem on a daily basis is NOT a good way > to verify filesystem integrity?
I say it won't give you an real advantage over checking the *.md5sums files. (The only slight advantage is that it lists all file, but the disadvtage that you cannot verify your database). > Update your system when you introduce a known change (a must). Check it > daily (a must). What is incorrect about this policy? It will only help you to catch intruders securely, if you your check involves rebooting daily from a ro-media containing verified kernel and checksum-utilities. Not to talk about, that a database update should at least be done after booting from clear mendium without net-access and checking that the changes are correct. Otherwise it only catches intruders, hwo are to stupid to cope with system installed. (Which is the same as with installed .md5sums files) Hochachtungsvoll, Bernhard R. Link -- Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.