[Novalug] bots question
Scott Musman
musman@aug-sys.com
Wed Dec 3 22:48:21 EST 2008
Yes, most integrity checkers do modification, addition, and deletion
The following link is a little out of date (check the version numbers),
but its a helpful comparison of features of the various choices for
file-system integrity checkers..
http://la-samhna.de/library/scanners.html
On Wed, 2008-12-03 at 21:49 -0500, Mackenzie Morgan wrote:
> On Wed, 2008-12-03 at 21:42 -0500, Maxwell Spangler wrote:
> > On Wed, 2008-12-03 at 11:53 -0500, Mackenzie Morgan wrote:
> >
> > > I also like to check the $PATH after I go to cons. Rather than
> > > replacing /usr/bin/ls sometimes a /usr/local/bin/ls will show up on a
> > > compromised system, so checking what version of which commands you're
> > > using can be a good idea.
> >
> > Shouldn't tripwire find something like that?
>
> Does it notice new files that are added or only modified already-there
> files? I've never used it.
>
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
More information about the Novalug
mailing list