*grin* Don't you just love admins who do this!!!!! When we do penetration tests, often we just disable fcheck or tripwire entirely, and run a script from cron that mails a random "good" report every day to the admin, it is rarely if ever noticed. At least it's never noticed b4 we deliver the report, and I've heard of systems in the "wild" who have had this done to them indefinitely. At a minimum it gives you a chance to trojanise the backups for an extended period of time. As for the statement that someone made about using a non modular kernel, it is not necessary to have a modular capable kernel to load a trojan "module" Nix At 11:46 AM 6/12/2000 +0300, you wrote:
Burn it on a CD-R along with your tripwire database as soon as you have installed and configured your system, but before you bring up the network Well you could also use fcheck personally I find it much better than tripwire I then run fcheck -a from my cron and voila everyday I get a report of changes to my system.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com