[Novalug] bots question

Scott Musman musman@aug-sys.com
Wed Dec 3 22:48:21 EST 2008


Yes, most integrity checkers do modification, addition, and deletion.

The following link is a little out of date (check the version numbers),
but it's a helpful comparison of features of the various choices for
file-system integrity checkers.

http://la-samhna.de/library/scanners.html



On Wed, 2008-12-03 at 21:49 -0500, Mackenzie Morgan wrote:
> On Wed, 2008-12-03 at 21:42 -0500, Maxwell Spangler wrote:
> > On Wed, 2008-12-03 at 11:53 -0500, Mackenzie Morgan wrote:
> > 
> > > I also like to check the $PATH after I go to cons.  Rather than
> > > replacing /usr/bin/ls sometimes a /usr/local/bin/ls will show up on a
> > > compromised system, so checking what version of which commands you're
> > > using can be a good idea.
> > 
> > Shouldn't tripwire find something like that? 
> 
> Does it notice new files that are added or only modified already-there
> files?  I've never used it.

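Added example, not part of the original thread and not code from Tripwire or any tool listed at the link: the baseline-and-compare check discussed above, reporting added, modified and deleted files, together with a scan for command names present in more than one PATH directory. All function names and the temporary sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    state = {}
    for cur, _, files in os.walk(root):
        for name in files:
            path = os.path.join(cur, name)
            if os.path.isfile(path):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                state[os.path.relpath(path, root)] = digest
    return state

def compare(old, new):
    """Return (added, modified, deleted) paths between two snapshots."""
    added = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    return added, modified, deleted

def shadowed(path_dirs):
    """Names present in more than one PATH directory, in search order."""
    hits = {}
    for d in path_dirs:
        for name in (sorted(os.listdir(d)) if os.path.isdir(d) else []):
            hits.setdefault(name, []).append(d)
    return {n: ds for n, ds in hits.items() if len(ds) > 1}

def demo():
    # Constructed tree: "local" stands in for /usr/local/bin, "usr" for /usr/bin.
    with tempfile.TemporaryDirectory() as top:
        local, usr = os.path.join(top, "local"), os.path.join(top, "usr")
        for d in (local, usr):
            os.makedirs(d)
        for name in ("ls", "ps", "cat"):
            with open(os.path.join(usr, name), "w") as fh:
                fh.write("original " + name)
        baseline = snapshot(top)
        with open(os.path.join(local, "ls"), "w") as fh:  # added, earlier in PATH
            fh.write("unexpected ls")
        with open(os.path.join(usr, "ps"), "a") as fh:    # modified in place
            fh.write(" changed")
        os.remove(os.path.join(usr, "cat"))               # deleted
        dupes = {n: [os.path.basename(d) for d in ds]
                 for n, ds in shadowed([local, usr]).items()}
        return compare(baseline, snapshot(top)), dupes
```

The baseline has to be stored somewhere the system being checked cannot rewrite, otherwise whoever changed the binaries can update the baseline to match.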


