Mailinglist Archive: opensuse-security (520 mails)

Re: [suse-security] netstat-output
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Tue, 5 Dec 2000 23:57:26 +0100 (MET)
  • Message-id: <Pine.LNX.4.30.0012052354130.31072-100000@xxxxxxxxxxxx>
> > This of course is trivial for an attacker to circumvent, the RPM database is
> > not really protected at all.
> Burn it on a CD-R along with your tripwire database as soon as you have
> installed and configured your system, but before you bring up the network
> connections or allow anyone to log in on the console. And make sure no
> hacker can swap the CD-R around for one of his own making after
> compromising your system... :o)
> Cheers!
> Yuri.

I used to have the plaintext file databases lying around in the system,
hidden a bit so that it isn't obvious that it's a bait. The encrypted file
was somewhere else on the system. A simple diff over the two files
revealed what could have been tampered with. Came very handy at

- -
| Roman Drahtmüller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
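
The comparison of a decoy plaintext database against a protected copy, as described in the message above, sketched as an added example that is not part of the original post. It assumes the protected copy has already been decrypted to text; the `hash  path` line format, the file names and all function names are constructed for illustration.

```python
import hashlib, os, tempfile

def build_baseline(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(full, root)] = digest
    return baseline

def dump(baseline):
    """Serialise as sorted 'hash  path' lines (constructed plaintext format)."""
    return "".join(f"{h}  {p}\n" for p, h in sorted(baseline.items()))

def load(text):
    """Parse 'hash  path' lines back into {path: hash}."""
    return {p: h for h, p in (ln.split("  ", 1) for ln in text.splitlines() if ln)}

def compare_copies(decoy_text, trusted_text):
    """Entries that differ between the copies were edited in the decoy."""
    decoy, trusted = load(decoy_text), load(trusted_text)
    return {
        "removed": sorted(trusted.keys() - decoy.keys()),
        "added": sorted(decoy.keys() - trusted.keys()),
        "rewritten": sorted(p for p in decoy.keys() & trusted.keys()
                            if decoy[p] != trusted[p]),
    }

def demo():
    """Constructed scenario: one file replaced, decoy edited to match it."""
    with tempfile.TemporaryDirectory() as root:
        files = {"bin_login": b"original login", "bin_ps": b"original ps"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        trusted_text = dump(build_baseline(root))   # kept encrypted elsewhere
        with open(os.path.join(root, "bin_login"), "wb") as fh:
            fh.write(b"replaced login")             # file changed afterwards
        decoy_text = dump(build_baseline(root))     # decoy rewritten to hide it
        return compare_copies(decoy_text, trusted_text)

if __name__ == "__main__":
    print(demo())
```

An entry listed under `rewritten` or `removed` names a file whose record was altered in the decoy, which is where to look first on the live system.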
