On Tue, Dec 02, 2003 at 02:01:23PM +0100, Bernhard R. Link wrote: > > A true IDS is needed, such as aide, tripwire, or cfengine to detect > > post-installation intrusion. Tie in aide or tripwire database > > checks/updates with the apt.conf "PostInst" option in addition to a > > daily cronjon to ensure the database is updated in a timely manner. > > I think this is even more stupid than using *.md5sums. When they are > daily generated, you have no chance at all to be sure they are not > modified.
I'm not following your logic, if that's what you call it. You're saying that checking the current filesystem on a daily basis is NOT a good way to verify filesystem integrity? Update your system when you introduce a known change (a must). Check it daily (a must). What is incorrect about this policy? -- Chad Walstrom <[EMAIL PROTECTED]> http://www.wookimus.net/ assert(expired(knowledge)); /* core dump */
pgpHEmhCfxdqF.pgp
Description: PGP signature
