[lug] i got hacked
Sexton, George
gsexton at mhsoftware.com
Fri Apr 19 10:30:01 MDT 2002
I don't think its quite that easy. The tripwire database is signed.
-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of Bear Giles
Sent: 19 April, 2002 10:25 AM
To: lug at lug.boulder.co.us
Subject: Re: [lug] i got hacked
> One final piece of advise when you rebuild, install tripwire. All of the
> firewall recommendations, combined with wrappers, log sentry (log check)
> will help prevent it from happening again, but tripwire will let you know
if
> it _does_ happen again.
If tripwire isn't installed properly, it can give you a false sense
of security. In a situation like this you *must* use media which is
physically read-only - a knowledgeable attacker would simply update
your tripwire database if it's not on readonly media (not just a
readonly partition or file).
Bear
_______________________________________________
Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list