Date: Thu, 16 Sep 1999 21:28:11 -0400 (EDT) From: "Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu> To: Brett Glass <brett@lariat.org> Cc: Liam Slusser <liam@tiora.net>, Kenny Drobnack <kdrobnac@mission.mvnc.edu>, security@FreeBSD.ORG Subject: Re: BPF on in 3.3-RC GENERIC kernel Message-ID: <Pine.SOL.3.96L.990916210821.19993A-100000@unix8.andrew.cmu.edu> In-Reply-To: <4.2.0.58.19990916185341.00aaf100@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
No offense, but tripwire is really a bit overrated except if the person is a script child and hasn't a clue as to what to do. If tripwire hasn't been set up with the db set on a readonly disk partition and you gain root, you can set up a KLM to change the db on the fly. On Thu, 16 Sep 1999, Brett Glass wrote: > At 04:14 PM 9/16/99 -0700, Liam Slusser wrote: > > >Right...but if the system was hacked what would stop the hacker from > >building BPF in a kernel? > > securelevel=2 or securelevel=3. > > Or Tripwire. > > --Brett > > > [-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-] Harry M. Leitzell - Harry_M_Leitzell@cmu.edu Carnegie Mellon University Finger for PGP Public Key [-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.3.96L.990916210821.19993A-100000>