On Mon, 30 Apr 2012 10:09:37 -0500 Nick Anderson <n...@cmdln.org> wrote:
NA> Well I think if we approach this with the expectation that we will stop NA> someone with root access from doing anything then we just performing an NA> exercise in futility. NA> You could argue that security is only the the inverse of convenience. We NA> take steps to make accessing something we don't want someone to access NA> less and less convenient. A determined person will take whatever NA> measures necessary to reach their goal if its that important to them. If NA> you don't want something to be accessed, its best to ensure it never exists. At a previous job we used Verdasys tools (http://www.verdasys.com) to log and block file accesses and other low-level security events. It won't stop a determined attacker, but Verdasys' tools work at such a low level that you can at least expect some notice that strange things are happening. Maybe that's what msvoboda is looking for. Ted _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
