Hi Chae, > Mike says log it and Kevin says don't - me being a not so newbie now (and > after just having set up FCheck on a RAQ3) would like to know which one is > it :>
My reason for logging it is as follows: /tmp (or /home/tmp, where it symlinks to) is a directory where anyone has write access. So for an intruder it's a logical choice to put his toys there at first. I know quite well which two or three processes I have on the machine, that fairly often dump data into /tmp, so I will instantly recognize if there is something out of the ordinary in there. Only every couple of days I noticed activity in /tmp in so far it has always been legitimate. But my credo in regards to security is: better to be over-aware than to assume that everything is doing just fine while it - in reality - isn't. -- With best regards, Michael Stauber SOLARSPEED.NET _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
