> > This is true. But where do you stop. What happens if somebody hacks login > > and starts sending your keystrokes over the net ? or iptables which tricks > > you into believing everything is being blocked properly, or one of your cron > > scripts ? :) > > oh sure, you use the best technology available to you. All I'm saying is > don't assume that your system is secure because tripwire says so. Always > augment it with something else. >
I agree Tripwire is not the be all and end all of anti hacking. The hacker/cracker's credo is what I can't get into today I will tomorrow. > > I think it's safe to say that once a hacker gets root, you're finished. > > well yes and no. It's safe to say that you don't know anything about > your system post-hacking (if indeed you know it was hacked). > If you have the time to spare and you know your systems then you can do some forensic work on your system see excatly how they got in also check to see if it was a kiddie or someone skilled in the art of cracking. I would advise anyone interested in security have a look at honeypot.net I think it is, read Lance's whitepapers. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
