
sslug-teknik team mailing list archive

Re: Monitoring

 

On Tue, 17 Sep 2002, Mogens Valentin wrote:

> Klavs Klavsen wrote:
> > Tripwire signs its database to avoid this, but I am quite sure
> > there are rootkits that get around this by modifying the tripwire binary.
> 
> Then you put your IDS systems, with conf and databases, on CD-ROM =
> read-only.

You still won't be able to trust that a system isn't compromised - 
if you have root access on a machine with modules, you can just load a 
module that changes reading from CD-ROM into reading from something else. And so on.

Mads

-- 
Mads Bondo Dydensborg.                               madsdyd@xxxxxxxxxxxx
We have uniformly rejected all letters and declined all discussion upon the
question of when the present century ends, as it is one of the most absurd
that can engage the public attention, and we are astonished to find it has
been the subject of so much dispute, since it appears plain. The present
century will not terminate till January 1, 1801, unless it can be made out
that 99 are 100... It is a silly, childish discussion, and only exposes the
want of brains of those who maintain a contrary opinion to that we have
stated

                               - The Times, 26 December 1799


