At 04:44 PM 12/13/99 -0800, Aaron Turner wrote:
>Also realize that there are kernel modules out there that will "hide"
>changes so using RPM or things like Tripwire will *not* show modified
>files. If you have reason to believe that someone would bother doing an
>advanced crack like this, really your only choice is to re-install.

I agree RPM has its limits as a substitute for Tripwire or the like. Two
questions: First, by reinstallation do you mean formatting the drive and
reinstalling or just install over the old binaries? I am considering an
upgrade to an old 5.2 system and I want to be sure it's clean after the
install. I'm wondering if I need to reformat or if an upgrade will secure
all the binaries on the system.

Second, these hacked kernel modules are real, not rumor? I've considered
the problem they pose to using Tripwire and I'm wondering if a simpler
solution would be to boot from a known-secure floppy? Assuming you could
afford to reboot, that would ensure that the OS sees all the files, right?
---
Alan D. Mead / Research Scientist / [EMAIL PROTECTED]
Institute for Personality and Ability Testing
1801 Woodfield Dr / Savoy IL 61874 USA
217-352-4739 (v) / 217-352-9674 (f)