Mailinglist Archive: opensuse-security (520 mails)

Re: [suse-security] netstat-output
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Fri, 08 Dec 2000 11:13:10 +1100
  • Message-id: <5.0.1.4.0.20001208110826.00aa43f8@xxxxxxxxxxxxxxxxxxxx>
*grin* Don't you just love admins who do this!!!!!
When we do penetration tests, often we just disable fcheck or tripwire
entirely, and run a script from cron that mails a random "good" report every
day to the admin; it is rarely if ever noticed. At least it's never noticed before
we deliver the report, and I've heard of systems in the "wild" that have had
this done to them indefinitely. At a minimum it gives you a chance to trojanise
the backups for an extended period of time.

As for the statement that someone made about using a non-modular kernel,
it is not necessary to have a modular-capable kernel to load a trojan "module".

Nix

At 11:46 AM 6/12/2000 +0300, you wrote:
> Burn it on a CD-R along with your tripwire database as soon as you have
> installed and configured your system, but before you bring up the network
Well, you could also use fcheck; personally I find it much better than
tripwire. I then run fcheck -a from my cron and voila, every day I get a
report of changes to my system.
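
The thread above turns on a daily "good" report that proves nothing about whether the checker still runs. As an added example (not part of the original messages), here is a check that could run on the machine receiving the reports: the admin alters a different canary file each day and records it off-host, so a canned or replayed report stands out. The report layout, canary paths and function names are assumptions made for illustration, not fcheck or tripwire output.

```python
import hashlib
import re

# Constructed sample data: (date received, report body). The layout is
# invented for this example; it is not real fcheck or tripwire output.
REPORTS = [
    ("2000-12-04", "Report 2000-12-04\nCHANGED /var/canary/a\n"),
    ("2000-12-05", "Report 2000-12-05\nCHANGED /var/canary/b\nCHANGED /etc/motd\n"),
    ("2000-12-06", "Report 2000-12-06\nNo changes found\n"),
    ("2000-12-07", "Report 2000-12-07\nCHANGED /var/canary/a\n"),
]

# Hypothetical canary file the admin altered on each day. This record lives
# on the collector only, never on the monitored host.
CANARIES = {
    "2000-12-04": "/var/canary/a",
    "2000-12-05": "/var/canary/b",
    "2000-12-06": "/var/canary/c",
    "2000-12-07": "/var/canary/d",
}

DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
CHANGED_RE = re.compile(r"^CHANGED (\S+)$", re.M)


def fingerprint(body):
    """Digest of the body with dates masked, so a re-dated copy still matches."""
    return hashlib.sha256(DATE_RE.sub("DATE", body).encode()).hexdigest()


def audit_reports(reports, canaries):
    """Return {date: [findings]} for reports that look canned or replayed."""
    seen = {}      # fingerprint -> date the body was first received
    findings = {}
    for date, body in reports:
        problems = []
        changed = set(CHANGED_RE.findall(body))
        canary = canaries.get(date)
        if canary is None:
            problems.append("no canary recorded for this day")
        elif canary not in changed:
            problems.append(f"canary {canary} not reported as changed")
        fp = fingerprint(body)
        if fp in seen:
            problems.append(f"body identical to report of {seen[fp]}")
        else:
            seen[fp] = date
        if problems:
            findings[date] = problems
    return findings
```

A clean result only shows that something on the host noticed the canary; it cannot vouch for a checker running on a compromised system, which is why the quoted advice keeps the binary and database on read-only media.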

