On Thu, Mar 29, 2007 at 12:52:17PM +0300, Pablo Virolainen wrote: > ssh <machine_to_be_checked> aide_script.sh > aide_<current_time>.db > And they could make the aide_<current_time>.db to have data which suggest > that nothing has happened.
They can always make the aide.db conform to the file found if the database is stored locally. If it isn't, I think that it is extraordinarily hard to craft a file that does what the attacker wants and fits checksum and size. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 _______________________________________________ Aide mailing list Aide@cs.tut.fi https://mailman.cs.tut.fi/mailman/listinfo/aide
