tripwire would be even better, but the best thing of all is a modified version of Mandrake's own secure scripts setup (which is copied from Debian). This is the script that sends you nightly emails about differences in network ports, packages, &c.? Well, make a copy that runs every five or ten minutes and looks at the atime, permissions, and content of wtmp, writing those into a hidden directory. If they don't match the last log in some way that is suspicious, fire an alert. Depending on your paranoia level, that could be email, sms, smbmessage, talk, an im, or paging with a modem :-)
A friend of mine used to admin at an ISP and set up something like this. He started a talk session with the cracker and talked him out of screwing with the box.

On Thu, 2003-10-23 at 06:46, Ricardo (Tru64 User) wrote:
> Installing chkrootkit "might" be able to tell you when
> wtmp has something deleted in it. I am saying might
> because there might be another way to cover that too.
>
> _Thanks
>
> Richard
>
> --- Fajar Priyanto <[EMAIL PROTECTED]> wrote:
> > Dear all,
> > Is it possible to erase activities in the
> > bash_history file without being
> > known? And also in wtmp?
> > How is it possible?
> > Thanks
> > - --
> > Fajar http://linux.arinet.org
> > Linux mdk91.sistek.kom 2.4.21-0.13mdk GNU/Linux
> > 14:18:02 up 6:31, 11 users, load average: 0.25,
> > 0.26, 0.26
> > Quote of the day:
> > Win98 errors 019-999: Reserved for future use;
> > presently used only to occupy
> > 49.3 MB diskspace.
> >
> > Want to buy your Pack or Services from MandrakeSoft?
> > Go to http://www.mandrakestore.com

--
Jack Coates
Monkeynoodle: A Scientific Venture...
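The periodic wtmp check described in the reply above, sketched as an added example (it is not code from the thread or from Mandrake's secure scripts). It relies on wtmp being append-only, so a shrinking file or a change to already-recorded bytes is flagged along with permission changes; the state path is an assumption, and atime is left out because noatime/relatime mounts make it unreliable.

```python
import hashlib
import json
import os
import stat

def _sha256_prefix(path, length):
    """Hash the first `length` bytes of the file."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read(length)).hexdigest()

def snapshot(path):
    """Record the metadata and content hash the next run compares against."""
    st = os.stat(path)
    return {
        "size": st.st_size,
        "perm": [stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid],
        "sha256": _sha256_prefix(path, st.st_size),
    }

def check(path, state_file):
    """Compare `path` with the saved snapshot, save a new one, return findings."""
    cur = snapshot(path)
    findings = []
    if os.path.exists(state_file):
        with open(state_file) as f:
            prev = json.load(f)
        if cur["perm"] != prev["perm"]:
            findings.append("permissions-changed")
        if cur["size"] < prev["size"]:
            # Log rotation also shrinks the file; correlate with its schedule.
            findings.append("shrunk")
        elif _sha256_prefix(path, prev["size"]) != prev["sha256"]:
            # Append-only log: the old bytes must still be a prefix of the file.
            findings.append("content-rewritten")
    with open(state_file, "w") as f:
        json.dump(cur, f)
    return findings

if __name__ == "__main__":
    # Assumed hidden state directory; run from cron every five or ten minutes.
    state = "/var/lib/.wtmpwatch/state.json"
    os.makedirs(os.path.dirname(state), exist_ok=True)
    for finding in check("/var/log/wtmp", state):
        print("ALERT wtmp:", finding)
```

Anything printed can be piped to whichever alert channel suits you; keeping the state file on a separate host or read-only media makes it harder for an intruder to reset the baseline.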