On Wed, 1 Nov 2000, Bruce Dawson wrote:
> These are all very true - but my honeypot hasn't been attacked by any
> script kiddies that modify the RPMs... yet.
"Yet" being the operative word. I wouldn't trust my system to that. I
don't think you would, either. :-)
> Has anyone else?
I know of other GNHLUG members who have. I am not going to name them; they
will have to step forward if they want to.
I have also read independent reports of such exploits.
Personally, however, the answer is "no". For everything I've experienced,
an "rpm -Va" turned up modified system utilities. Not that that helps much.
Even if RPM is fully intact, it isn't going to save you from an SUID-root
shell in /tmp or a modified configuration file.
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839
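
The gap described in this message, as an added example that is not part of the original post: `rpm -Va` only verifies files recorded in the RPM database, so a set-UID root file that no package owns never appears in its output. The function names and the directories passed on the command line are assumptions of this example.

```shell
#!/bin/sh
# Added example: report set-UID files that no installed RPM package owns.
# This complements "rpm -Va", which cannot flag files it has no record of.

# pkg_owned FILE -> exit status 0 if some installed package owns FILE.
# "rpm -qf" exits non-zero for a file that is not in the RPM database.
# If rpm itself is missing, every file is treated as unowned.
pkg_owned() {
    rpm -qf "$1" >/dev/null 2>&1
}

# find_unowned_suid OWNER DIR...
# Prints every regular file under DIR... that is owned by OWNER (name or
# numeric uid), has the set-UID bit, and is not claimed by any package.
# -xdev keeps find on one filesystem, so name each mount point to scan
# (for example / and /tmp when /tmp is a separate filesystem).
find_unowned_suid() {
    owner=$1
    shift
    find "$@" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        pkg_owned "$f" || printf '%s\n' "$f"
    done
}

# Stand-alone use: sh unowned-suid.sh / /tmp /var/tmp /home
if [ "$#" -gt 0 ]; then
    find_unowned_suid 0 "$@"
fi
```

Anything this prints deserves a look; a clean result says nothing about modified configuration files, which need their own baseline to compare against.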