Mensaje citado por Bernd Eckenfels <[EMAIL PROTECTED]>: > On Sun, Jul 06, 2003 at 01:00:13PM -0500, Jos� Guzm�n wrote: > > This practice, at least over here, aids in improving sysadmin sleep at > night. > > this is a very false asumption. If somebody is able to trojan your kernel > with a loadable module, he is also able to simply install a new kernel with > a trojan in it. > > Dont bet your sleep on it.
You�re quite right about this, it�s all meaningless if you can�t realize if/when the box has been compromised (rebooted, and with a different kernel). But that�s why IDS is for, with a properly configured tripwire or integrit setup, with integrity databases in a read only medium, and maybe with remote monitoring and logging, you�ll sleep better at night too ;). Now a worry that remains is physical access to the machine room... There�s no single practice that will guarantee a safe operation, and I believe that not even a combination of all known good practices can be 100% secure, but at least the risk is reduced by combining several methods with a bit of good old paranoia. > > Greetings > Bernd > -- > (OO) -- [EMAIL PROTECTED] -- > ( .. ) [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/ > o--o *plush* 2048/93600EFD [EMAIL PROTECTED] +497257930613 BE5-RIPE > (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl! > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > Jos� --- "The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates, The Road Ahead ---
