[EMAIL PROTECTED] wrote:
Since I'm always installing updates on my Debian box, Tripwire IDS is daily reminding me of changes to my PC that require updating Tripwire box.
Oh, another thing I do: On our production machines at work cfengine monitors the md5sums of critical binary files and alerts me once (and only once) when it changes and then computes and stores the new checksum. So it alerts me when things change but takes care of itself from then on. Sure, one could still theoretically modify the cfengine binary on the machine to report the correct checksum. In practice I have never heard of that happening. I am mainly interested in protecting us from the automated attacks which install spam relays and bot networks than I am from the real professionals who would do such a complicated custom job as to notice and fix cfengine not to reveal their changes.
-- Tracy R Reed http://ultraviolet.org A: Because we read from top to bottom, left to right Q: Why should I start my reply below the quoted text -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
