Date:      Mon, 14 Jan 2008 16:15:49 -0800 (PST)
From:      Tim Clewlow <tim1timau@yahoo.com>
To:        Dan Lukes <dan@obluda.cz>, freebsd security <freebsd-security@freebsd.org>
Subject:   Re: Anti-Rootkit app
Message-ID:  <965729.35921.qm@web50310.mail.re2.yahoo.com>
In-Reply-To: <478BB3DA.5070302@obluda.cz>


--- Dan Lukes <dan@obluda.cz> wrote:

> >> I need to install an anti-rootkit
> 
> 	If I understand correctly, an intruder needs to be superuser to be able 
> to install a rootkit.
> 
> 	If our intruders have superuser privileges, they can tamper with any 
> anti-rootkit.
> 
> 	Is the main reason to install an anti-rootkit that we count on the intruders 
> being too dumb to look for one of the ports' anti-rootkit packages before they do 
> their dirty work?
> 
> 	Or am I missing something important?
> 
> 					Dan

One solution would be to have /var/log/auth.log being tailed out via a serial
port to another computer that is not accessible via a network - or have it sent
to a printer for a permanent hard-copy. It all depends on how much you really
want to do in regard to security.

Cheers, Tim.

