Ok with that said, how feasable is it for a cracker to install their rootkit, and mimic the checksummed files to match the contents of the floppy? Wouldn't he/she just have to unmount the exising floppy drive, remount it to his/her pseudo check sums?
I'm probably missing the howto detail where the alert is generated before rootkit is installed. Thanks, Don > Yes, sorry, I wasn't clear about that. The floppy is mounted RO, plus > the disk's tab is moved to the RO position. I agree... I > wouldn't feel > comfortable or safe if the floppy was just mounted RO. > >> Another way to do this is to install the AIDE package, that performs an checksum >> to certain files that you specify in the configuratio by the way tripwire do >> it... It's so easy to install and send you an e-mail notifying the daily results
