On Wed, 2002-12-18 at 13:07, Minh Van Le wrote: > This is true. But where do you stop. What happens if somebody hacks login > and starts sending your keystrokes over the net ? or iptables which tricks > you into believing everything is being blocked properly, or one of your cron > scripts ? :)
oh sure, you use the best technology available to you. All I'm saying is don't assume that your system is secure because tripwire says so. Always augment it with something else. > I think it's safe to say that once a hacker gets root, you're finished. well yes and no. It's safe to say that you don't know anything about your system post-hacking (if indeed you know it was hacked). > > At the moment, I'll try to make things as secure as I can, and when I get > hacked again hopefully I'll have more experience to build a more secure box. > I'll probably use Debian the 3rd or 4th time around. _Anything_ is better > than what I had :) I didn't take security seriously before because it was > too time consuming and I was busy learning other things. This new found > attitude and motivation will benefit me in the long run :) your call of course. I'm not sure this "next time I get hacked" philosophy is the right thing to aim for though. For a home network a firewall is the most important bit. I'd recommend you proceed by setting up the best firewall you can and then running Nessus from a remote box to see if it can get in. Not foolproof but it gives you a way to gauge progress. HTH James. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > James Gregory > Sent: Wednesday, 18 December 2002 13:22 > To: Minh Van Le > Cc: [EMAIL PROTECTED] > Subject: Re: [SLUG] General question Re: Securing Redhat Linux > > > [snip] > > btw - you wanna be careful with tripwire et al. What happens when > someone hacks your box and replaces the tripwire executable with one > that sends an email at the alotted time intervals reporting that > everything is ok? It's better than nothing, but don't rely on it. > > HTH > > James. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
