[lug] i got hacked

[Bear Giles]

> One final piece of advise when you rebuild, install tripwire.  All of the
> firewall recommendations, combined with wrappers, log sentry (log check)
> will help prevent it from happening again, but tripwire will let you know if
> it _does_ happen again.

If tripwire isn't installed properly, it can give you a false sense
of security.  In a situation like this you *must* use media which is
physically read-only - a knowledgeable attacker would simply update
your tripwire database if it's not on readonly media (not just a
readonly partition or file).

Bear