Re: Anti-Rootkit app

2008-01-15 Thread Dan Lukes
Is the main reason to install anti-rootkit we count the intruders are so dumb to look for one of port's anti-rootkit package before they do its dirty work? Or I miss something important? Klaus Steden wrote: > Good security is usually a comprehensive strategy E.g. "Exactly, you missed nothing

Re: Anti-Rootkit app

2008-01-14 Thread Jan Münther
Tim Clewlow wrote: One solution would be to have /var/log/auth.log being tailed out via a serial port to another computer that is not accessible via a network - or have it sent to a printer for a permanent hard-copy. It all depends on how much you really want to do in regard to security.

Re: Anti-Rootkit app

2008-01-14 Thread Tim Clewlow
--- Dan Lukes <[EMAIL PROTECTED]> wrote: > >> I need to install an anti-rootkit > > If I understand correctly, an intruder needs to be superuser to be able > to install a rootkit. > > If our intruders have superuser privileges, they can tamper with any > anti-rootkit. > > Is the m

Re: Anti-Rootkit app

2008-01-14 Thread Jan Münther
Howdy, If you want to verify that nobody has changed files on your system, you can use a tripwire-like system. Mtree(1) actually includes tripwire-like functionality, which I've used quite successfully in the past. I think that the latter is more realistic, but that's just my humble opinion.

Re: Anti-Rootkit app

2008-01-14 Thread Michael W. Lucas
On Sun, Jan 13, 2008 at 10:38:37PM +0100, Jordi Espasa Clofent wrote: > Hi all, > > I need to install an anti-rootkit in a lot of servers. I know that > there're several options: tripwire, aide, chkrootkit... > > ¿What do you prefer? > > Obviously, I have to define my needs: > > - easy setup a

Re: Anti-Rootkit app

2008-01-14 Thread Klaus Steden
Hi Dan, Good security is usually a comprehensive strategy, rather than hoping for a one-size-fits-all-magic-bullet solution. Combine a coherent packet filter with strong passwords, a competent IDS, BSD securelevels, and a file system integrity checker, and you've got a pretty solid strategy for

Re: Anti-Rootkit app

2008-01-14 Thread Dan Lukes
I need to install an anti-rootkit If I understand correctly, an intruder needs to be superuser to be able to install a rootkit. If our intruders have superuser privileges, they can tamper with any anti-rootkit. Is the main reason to install anti-rootkit we count the intruders are so dumb to l

Re: Anti-Rootkit app

2008-01-14 Thread Miroslav Lachman
Jordi Espasa Clofent wrote: Hi all, I need to install an anti-rootkit in a lot of servers. I know that there're several options: tripwire, aide, chkrootkit... ¿What do you prefer? Obviously, I have to define my needs: - easy setup and configuration - actively developed I am using securit

Re: Anti-Rootkit app

2008-01-14 Thread Rob Gallagher
Hi Jordi, On 13/01/2008, Jordi Espasa Clofent wrote: > Hi all, > > I need to install an anti-rootkit in a lot of servers. I know that > there're several options: tripwire, aide, chkrootkit... > > ¿What do you prefer? > > Obviously, I have to define m

Anti-Rootkit app

2008-01-13 Thread Jordi Espasa Clofent
Hi all, I need to install an anti-rootkit in a lot of servers. I know that there're several options: tripwire, aide, chkrootkit... ¿What do you prefer? Obviously, I have to define my needs: - easy setup and configuration - actively developed -- Thanks, Jordi Espasa Clofent