Date: Mon, 14 Jan 2008 16:15:49 -0800 (PST)
From: Tim Clewlow <tim1timau@yahoo.com>
To: Dan Lukes <dan@obluda.cz>, freebsd security <freebsd-security@freebsd.org>
Subject: Re: Anti-Rootkit app
Message-ID: <965729.35921.qm@web50310.mail.re2.yahoo.com>
In-Reply-To: <478BB3DA.5070302@obluda.cz>

--- Dan Lukes <dan@obluda.cz> wrote:

> >> I need to install an anti-rootkit
>
> If I understand correctly, an intruder needs to be superuser to be able
> to install a rootkit.
>
> If our intruders have superuser privileges, they can tamper with any
> anti-rootkit.
>
> Is the main reason to install anti-rootkit we count the intruders are
> so dumb to look for one of port's anti-rootkit package before they do
> their dirty work?
>
> Or am I missing something important?
>
> Dan

One solution would be to have /var/log/auth.log being tailed out via a
serial port to another computer that is not accessible via a network - or
have it sent to a printer for a permanent hard-copy. It all depends on how
much you really want to do in regard to security.

Cheers, Tim.
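
The serial-port idea in the message above, sketched as an added example that is not part of the original e-mail: a small follower that copies new auth.log lines to a one-way sink and keeps going when the log is rotated. The class name `LogForwarder` and the device path `/dev/cuau0` are assumptions for illustration.

```python
import os
import time

class LogForwarder:
    """Hypothetical helper: copy new log lines to a one-way sink across rotation."""

    def __init__(self, src, sink):
        self.src, self.sink = src, sink
        self.fh, self.inode, self.partial = None, None, b""

    def _open(self, at_end):
        fh = open(self.src, "rb")
        if at_end:                          # like tail -f: skip existing history
            fh.seek(0, os.SEEK_END)
        self.fh, self.inode = fh, os.fstat(fh.fileno()).st_ino

    def _drain(self, final=False):
        data = self.partial + self.fh.read()
        *lines, self.partial = data.split(b"\n")
        if final and self.partial:          # old file ended without a newline
            lines.append(self.partial)
            self.partial = b""
        for line in lines:                  # forward only complete lines
            self.sink.write(line + b"\n")
        self.sink.flush()
        return len(lines)

    def poll(self):                         # returns number of lines forwarded
        sent = 0
        try:
            if self.fh is None:
                self._open(at_end=True)
            sent += self._drain()
            if os.stat(self.src).st_ino != self.inode:  # log was rotated
                sent += self._drain(final=True)         # finish the old file
                old = self.fh
                self._open(at_end=False)                # new file: read it all
                old.close()
                sent += self._drain()
        except FileNotFoundError:           # mid-rotation: retry on next poll
            pass
        return sent

if __name__ == "__main__":
    port = open("/dev/cuau0", "wb", buffering=0)  # assumed serial device name
    fwd = LogForwarder("/var/log/auth.log", port)
    while True:
        fwd.poll()
        time.sleep(1)
```

Lines are written to the port as soon as they are complete, so entries that reached the offline receiver before an intruder gained superuser cannot be altered from the monitored host.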