* Harald Braumann <ha...@unheit.net> [100309 13:59]: > On Mon, Mar 08, 2010 at 10:49:54PM -0500, Joey Hess wrote: > > Russ Allbery wrote: > > > It's also always worth bearing in mind that while a really good attacker > > > can do all sorts of complex things that make them very hard to find, most > > > attackers are stupid and straightforward. > > > > It's stupid and straightforward to install /usr/local/bin/ls. debsums > > will not detect it. > > And it's as straightforward to find files which don't belong to any > package and have some other means in place to check locally generated > files.
It it's that straight forward, please help with the cruft package. Last time I looked (several years ago) it was severly limited by that problem (there not being a way to know which files should be there and which not). I personally think without something in this direction, intrusion detection based on file lists is not really possible. Hochachtungsvoll, Bernhard R. Link -- "Never contain programs so few bugs, as when no debugging tools are available!" Niklaus Wirth -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100309132432.ga30...@pcpool00.mathematik.uni-freiburg.de