On Thu, Mar 29, 2001 at 01:04:47PM -0600, Kenneth Pronovici wrote:
> I see two ways to get around this: one solution is for me to GPG-sign the AIDE
> checksum list when I create it. Then I could check the signature in my script
> that runs AIDE, and I would know that it was me who created it. This would be
> more like what Tripwire's latest release does.

If they root your box, they could mess with your gpg keyring and/or binary. They could just spew out fake emails that say the thing was checked, and even spin the floppy disk in case you were watching to make sure it was doing a "real" check.

You can't use a possibly-cracked machine to check itself, unless you are checking for break-ins on non-root accounts (e.g. web page defacement if they got in through httpd).

-- 
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE