Date: Tue, 24 Jul 2001 19:23:27 +0100 From: Ben Smithurst <ben@FreeBSD.org> To: alex wetmore <alex@phred.org> Cc: Peter Pentchev <roam@orbitel.bg>, Jon Loeliger <jdl@jdl.com>, security@freebsd.org Subject: Re: Security Check Diffs Question Message-ID: <20010724192327.G20105@strontium.shef.vinosystems.com> In-Reply-To: <20010724110942.L32042-100000@phred.org> References: <20010724190607.F20105@strontium.shef.vinosystems.com> <20010724110942.L32042-100000@phred.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
alex wetmore wrote:
>> hmm, so if an intruder replaced a file without changing it's link count,
>> size, or modification time, I wouldn't be alerted? Perhaps we should
>> change the security script to print the files ctime instead of mtime,
>> since the ctime can't be forged?
>
> Or keep md5 signatures around...
well, yes, but that requires more than a single character change to
/etc/security. :-)
--
Ben Smithurst / ben@FreeBSD.org FreeBSD: The Power To Serve
http://www.FreeBSD.org/
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7Xb0ebPzJ+yzvRCwRAjbxAKDKVH09rpYc85kvQtlXdBk0nYTKHwCcCcDA
VYQdU61kajpaiZam4CmisL0=
=Kzt9
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010724192327.G20105>