Martin on 12/08/08 16:34, wrote:
On Tue, Aug 12, 2008 at 5:12 PM, Adam Hardy <[EMAIL PROTECTED]> wrote:
The question is, what do I replace chkrootkit with, especially if stuff like
rkhunter's not much better?
tripwire maybe?
apt-cache show tripwire
Description: file and directory integrity checker
Tripwire is a tool that aids system administrators and users in
monitoring a designated set of files for any changes. Used with
system files on a regular (e.g., daily) basis, Tripwire can notify
system administrators of corrupted or tampered files, so damage
control measures can be taken in a timely manner.
Tag: admin::monitoring, interface::commandline, interface::daemon,
role::program, security::ids, security::integrity, use::monitor,
works-with::file, works-with::mail
I don't have access to a floppy or cdrom drive - the server is hosted somewhere
at an ISP. I think any cracker would just re-run tripwire if they found it
installed.
Perhaps I could write a script to retrieve some hashes from another server? Does
that make sense?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
